Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

109,385 advisories

Loading
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This... Moderate Unreviewed
CVE-2024-37476 was published Jul 4, 2024
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor... Moderate Unreviewed
CVE-2024-22277 was published Jul 4, 2024
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of... Moderate Unreviewed
CVE-2024-5641 was published Jul 4, 2024
Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64... Moderate Unreviewed
CVE-2024-1573 was published Jul 4, 2024
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Moderate Unreviewed
CVE-2024-1574 was published Jul 4, 2024
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected... Moderate Unreviewed
CVE-2024-31486 was published May 14, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-3639 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-3638 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-2926 was published Jul 4, 2024
An attacker with admin access can install rogue applications. As for the affected products/models... Moderate Unreviewed
CVE-2024-27180 was published Jun 14, 2024
Toshiba printers provide a web interface that will load the JavaScript file. The file contains... Moderate Unreviewed
CVE-2024-27162 was published Jun 14, 2024
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An... Moderate Unreviewed
CVE-2024-27160 was published Jun 14, 2024
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An... Moderate Unreviewed
CVE-2024-27159 was published Jun 14, 2024
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An... Moderate Unreviewed
CVE-2024-27161 was published Jun 14, 2024
Toshiba printers will display the password of the admin user in clear-text and additional... Moderate Unreviewed
CVE-2024-27163 was published Jun 14, 2024
Remote Command program allows an attacker to read any file using a Local File Inclusion... Moderate Unreviewed
CVE-2024-27175 was published Jun 14, 2024
Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the... Moderate Unreviewed
CVE-2024-27179 was published Jun 14, 2024
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected... Moderate Unreviewed
CVE-2024-27154 was published Jun 14, 2024
The session cookies, used for authentication, are stored in clear-text logs. An attacker can... Moderate Unreviewed
CVE-2024-27156 was published Jun 14, 2024
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A... Moderate Unreviewed
CVE-2024-27157 was published Jun 14, 2024
The Toshiba printers do not implement privileges separation. As for the affected products/models... Moderate Unreviewed
CVE-2024-27146 was published Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed
CVE-2024-27142 was published Jun 14, 2024
Toshiba printers use XML communication for the API endpoint provided by the printer. For the... Moderate Unreviewed
CVE-2024-27141 was published Jun 14, 2024
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an... Moderate Unreviewed
CVE-2024-39891 was published Jul 2, 2024
In https://github.com/google/nftables  IP addresses were encoded in the wrong byte order,... Moderate Unreviewed
CVE-2024-6284 was published Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API