GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,657
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
249,573 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-47840 was published Oct 5, 2024

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41...
Unknown | Unreviewed | CVE-2024-47913 was published Oct 5, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia...
Moderate | Unreviewed | CVE-2024-47848 was published Oct 5, 2024

Strapi Server-Side Request Forgery (SSRF)
High | CVE-2024-37818 was published for @strapi/strapi (npm) Jun 20, 2024

OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate | CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low | Unreviewed | CVE-2024-43687 was published Oct 4, 2024

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote...
Unknown | Unreviewed | CVE-2024-37868 was published Oct 4, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Moderate | Unreviewed | CVE-2024-7801 was published Oct 4, 2024

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the...
Moderate | Unreviewed | CVE-2024-47911 was published Oct 4, 2024

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote...
Unknown | Unreviewed | CVE-2024-37869 was published Oct 4, 2024

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),...
High | Unreviewed | CVE-2024-9054 was published Oct 4, 2024

An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A...
Unknown | Unreviewed | CVE-2024-47910 was published Oct 4, 2024

TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a...
Unknown | Unreviewed | CVE-2023-26770 was published Oct 4, 2024

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows...
High | Unreviewed | CVE-2024-43685 was published Oct 4, 2024

itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function...
Unknown | Unreviewed | CVE-2024-46078 was published Oct 4, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low | Unreviewed | CVE-2024-43686 was published Oct 4, 2024

Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the...
Unknown | Unreviewed | CVE-2023-26771 was published Oct 4, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site...
High | Unreviewed | CVE-2024-43684 was published Oct 4, 2024

itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site...
Unknown | Unreviewed | CVE-2024-46077 was published Oct 4, 2024

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100...
High | Unreviewed | CVE-2024-43683 was published Oct 4, 2024

A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and...
Unknown | Unreviewed | CVE-2024-41513 was published Oct 4, 2024

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before...
Unknown | Unreviewed | CVE-2024-41512 was published Oct 4, 2024

The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
High | Unreviewed | CVE-2024-47125 was published Sep 26, 2024

The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of...
Moderate | Unreviewed | CVE-2024-47128 was published Sep 26, 2024

A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0...
Unknown | Unreviewed | CVE-2024-41514 was published Oct 4, 2024
ProTip! Advisories are also available from the GraphQL API.