GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,971
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,091
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
87,216 advisories
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
High, Unreviewed. CVE-2024-39933 was published Jul 4, 2024

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ...
High, Unreviewed. CVE-2024-6506 was published Jul 4, 2024

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High, Unreviewed. CVE-2024-5943 was published Jul 4, 2024

Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in...
High, Unreviewed. CVE-2024-6507 was published Jul 4, 2024

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not...
High, Unreviewed. CVE-2024-6387 was published Jul 1, 2024

Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on...
High, Unreviewed. CVE-2024-3904 was published Jul 4, 2024

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High, Unreviewed. CVE-2024-6318 was published Jul 4, 2024

Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi...
High, Unreviewed. CVE-2024-1182 was published Jul 4, 2024

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High, Unreviewed. CVE-2024-6319 was published Jul 4, 2024

A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16...
High, Unreviewed. CVE-2024-31484 was published May 14, 2024

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5...
High, Unreviewed. CVE-2024-31485 was published May 14, 2024

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050...
High, Unreviewed. CVE-2023-33919 was published Jun 13, 2023

A high privileged remote attacker can execute arbitrary system commands via GET requests due to...
High, Unreviewed. CVE-2024-5672 was published Jul 3, 2024

A remote attacker using the insecure upload functionality will be able to overwrite any Python...
High, Unreviewed. CVE-2024-27171 was published Jun 14, 2024

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in...
High, Unreviewed. CVE-2024-2385 was published Jul 4, 2024

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enabled by...
High, Unreviewed. CVE-2024-27177 was published Jun 14, 2024

It appears that some hardcoded keys are used for authentication to internal API. Knowing these...
High, Unreviewed. CVE-2024-27168 was published Jun 14, 2024

Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several...
High, Unreviewed. CVE-2024-27167 was published Jun 14, 2024

All the Toshiba printers share the same hardcoded root password. As for the affected products...
High, Unreviewed. CVE-2024-27158 was published Jun 14, 2024

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the...
High, Unreviewed. CVE-2024-27170 was published Jun 14, 2024

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enabled by...
High, Unreviewed. CVE-2024-27176 was published Jun 14, 2024

Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal...
High, Unreviewed. CVE-2024-27166 was published Jun 14, 2024

Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability....
High, Unreviewed. CVE-2024-27165 was published Jun 14, 2024

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see...
High, Unreviewed. CVE-2024-27164 was published Jun 14, 2024

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enabled by...
High, Unreviewed. CVE-2024-27178 was published Jun 14, 2024

ProTip! Advisories are also available from the GraphQL API