GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,971
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,091
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
109,385 advisories
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This...
Moderate
Unreviewed
CVE-2024-37476
was published
Jul 4, 2024
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor...
Moderate
Unreviewed
CVE-2024-22277
was published
Jul 4, 2024
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of...
Moderate
Unreviewed
CVE-2024-5641
was published
Jul 4, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64...
Moderate
Unreviewed
CVE-2024-1573
was published
Jul 4, 2024
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Moderate
Unreviewed
CVE-2024-1574
was published
Jul 4, 2024
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected...
Moderate
Unreviewed
CVE-2024-31486
was published
May 14, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-3639
was published
Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-3638
was published
Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-2926
was published
Jul 4, 2024
An attacker with admin access can install rogue applications. As for the affected products/models...
Moderate
Unreviewed
CVE-2024-27180
was published
Jun 14, 2024
Toshiba printers provide a web interface that will load the JavaScript file. The file contains...
Moderate
Unreviewed
CVE-2024-27162
was published
Jun 14, 2024
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An...
Moderate
Unreviewed
CVE-2024-27160
was published
Jun 14, 2024
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An...
Moderate
Unreviewed
CVE-2024-27159
was published
Jun 14, 2024
All the Toshiba printers have programs containing a hardcoded key used to encrypt files. An...
Moderate
Unreviewed
CVE-2024-27161
was published
Jun 14, 2024
Toshiba printers will display the password of the admin user in clear-text and additional...
Moderate
Unreviewed
CVE-2024-27163
was published
Jun 14, 2024
Remote Command program allows an attacker to read any file using a Local File Inclusion...
Moderate
Unreviewed
CVE-2024-27175
was published
Jun 14, 2024
Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the...
Moderate
Unreviewed
CVE-2024-27179
was published
Jun 14, 2024
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected...
Moderate
Unreviewed
CVE-2024-27154
was published
Jun 14, 2024
The session cookies, used for authentication, are stored in clear-text logs. An attacker can...
Moderate
Unreviewed
CVE-2024-27156
was published
Jun 14, 2024
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A...
Moderate
Unreviewed
CVE-2024-27157
was published
Jun 14, 2024
The Toshiba printers do not implement privileges separation. As for the affected products/models...
Moderate
Unreviewed
CVE-2024-27146
was published
Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate
Unreviewed
CVE-2024-27142
was published
Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the...
Moderate
Unreviewed
CVE-2024-27141
was published
Jun 14, 2024
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an...
Moderate
Unreviewed
CVE-2024-39891
was published
Jul 2, 2024
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order,...
Moderate
Unreviewed
CVE-2024-6284
was published
Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API.