GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
100,773 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-37554 was published Jul 6, 2024

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server...
Moderate, Unreviewed. CVE-2024-6095 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-37553 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-37546 was published Jul 6, 2024

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This...
Moderate, Unreviewed. CVE-2024-37542 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-37541 was published Jul 6, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate, Unreviewed. CVE-2024-37547 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-37539 was published Jul 6, 2024

Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper. This issue affects...
Moderate, Unreviewed. CVE-2024-37208 was published Jul 6, 2024

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and...
Moderate, Unreviewed. CVE-2024-5616 was published Jul 6, 2024

A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter...
Moderate, Unreviewed. CVE-2024-6526 was published Jul 5, 2024

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio...
Moderate, Unreviewed. CVE-2024-6505 was published Jul 5, 2024

HCL Nomad server on Domino fails to properly handle users configured with limited Domino access...
Moderate, Unreviewed. CVE-2024-23588 was published Jul 5, 2024

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It...
Moderate, Unreviewed. CVE-2024-6525 was published Jul 5, 2024

A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic....
Moderate, Unreviewed. CVE-2024-6523 was published Jul 5, 2024

A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by...
Moderate, Unreviewed. CVE-2024-6524 was published Jul 5, 2024

A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by...
Moderate, Unreviewed. CVE-2024-6511 was published Jul 4, 2024

Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS. This issue...
Moderate, Unreviewed. CVE-2024-37474 was published Jul 4, 2024

Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This...
Moderate, Unreviewed. CVE-2024-37476 was published Jul 4, 2024

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor...
Moderate, Unreviewed. CVE-2024-22277 was published Jul 4, 2024

Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64...
Moderate, Unreviewed. CVE-2024-1573 was published Jul 4, 2024

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Moderate, Unreviewed. CVE-2024-1574 was published Jul 4, 2024

The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of...
Moderate, Unreviewed. CVE-2024-5641 was published Jul 4, 2024

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2024-3638 was published Jul 4, 2024

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2024-3639 was published Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API.