GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
9,592 advisories
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS...
Low · Unreviewed · CVE-2024-37234 was published Jul 6, 2024
The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores...
Low · Unreviewed · CVE-2024-40594 was published Jul 6, 2024
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial...
Low · Unreviewed · CVE-2024-6434 was published Jul 4, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low · Unreviewed · CVE-2024-32754 was published Jul 4, 2024
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any...
Low · Unreviewed · CVE-2024-6126 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a...
Low · Unreviewed · CVE-2024-39807 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads...
Low · Unreviewed · CVE-2024-39353 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote...
Low · Unreviewed · CVE-2024-36257 was published Jul 3, 2024
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent...
Low · Unreviewed · CVE-2024-39361 was published Jul 3, 2024
Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly...
Low · Unreviewed · CVE-2024-32673 was published Jul 3, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ...
Low · Unreviewed · CVE-2024-39157 was published Jun 27, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ...
Low · Unreviewed · CVE-2024-39156 was published Jun 27, 2024
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This...
Low · Unreviewed · CVE-2024-30119 was published Jun 15, 2024
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in...
Low · Unreviewed · CVE-2024-27845 was published Jun 10, 2024
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies...
Low · Unreviewed · CVE-2024-34274 was published May 21, 2024
The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its...
Low · Unreviewed · CVE-2024-2220 was published May 23, 2024
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
Low · Unreviewed · CVE-2024-29852 was published May 23, 2024
Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an...
Low · Unreviewed · CVE-2023-47169 was published May 16, 2024
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an...
Low · Unreviewed · CVE-2023-38420 was published May 16, 2024
PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an...
Low · Unreviewed · CVE-2024-33007 was published May 14, 2024
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection...
Low · Unreviewed · CVE-2024-34218 was published May 14, 2024
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow...
Low · Unreviewed · CVE-2024-34203 was published May 14, 2024
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name...
Low · Unreviewed · CVE-2024-31636 was published May 3, 2024
An Unverified Password Change could allow a malicious actor with API access to the device to...
Low · Unreviewed · CVE-2024-29208 was published May 7, 2024
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for...
Low · Unreviewed · CVE-2024-29210 was published May 7, 2024
ProTip! Advisories are also available from the GraphQL API.