Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

241,040 advisories

Loading
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by... Moderate Unreviewed
CVE-2024-6511 was published Jul 4, 2024
Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated... High Unreviewed
CVE-2024-39934 was published Jul 4, 2024
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command... Unknown Unreviewed
CVE-2024-39935 was published Jul 4, 2024
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x... High Unreviewed
CVE-2024-39936 was published Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue... High Unreviewed
CVE-2024-37472 was published Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This... High Unreviewed
CVE-2024-37471 was published Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue... Moderate Unreviewed
CVE-2024-37474 was published Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This... Moderate Unreviewed
CVE-2024-37476 was published Jul 4, 2024
Gogs through 0.13.0 allows argument injection during the tagging of a new release. High Unreviewed
CVE-2024-39933 was published Jul 4, 2024
Rejected reason: CVE assigned by mistake as a duplicate. Unknown Unreviewed
CVE-2024-6513 was published Jul 4, 2024
Gogs through 0.13.0 allows argument injection during the previewing of changes. Critical Unreviewed
CVE-2024-39932 was published Jul 4, 2024
Gogs through 0.13.0 allows deletion of internal files. Critical Unreviewed
CVE-2024-39931 was published Jul 4, 2024
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go,... Critical Unreviewed
CVE-2024-39930 was published Jul 4, 2024
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ... High Unreviewed
CVE-2024-6506 was published Jul 4, 2024
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request,... Unknown Unreviewed
CVE-2024-39211 was published Jul 4, 2024
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers... Unknown Unreviewed
CVE-2024-39165 was published Jul 4, 2024
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can... Unknown Unreviewed
CVE-2024-39929 was published Jul 4, 2024
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor... Moderate Unreviewed
CVE-2024-22277 was published Jul 4, 2024
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... High Unreviewed
CVE-2024-5943 was published Jul 4, 2024
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in... High Unreviewed
CVE-2024-6507 was published Jul 4, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial... Low Unreviewed
CVE-2024-32754 was published Jul 4, 2024
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of... Moderate Unreviewed
CVE-2024-5641 was published Jul 4, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64... Moderate Unreviewed
CVE-2024-1573 was published Jul 4, 2024
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on... High Unreviewed
CVE-2024-3904 was published Jul 4, 2024
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2024-6318 was published Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API