GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,055
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,605
NuGet: 638
pip: 3,208
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
112,833 advisories
A vulnerability has been identified in Node.js version 20, affecting users of the experimental... (Moderate, Unreviewed)
CVE-2023-30582 was published Sep 7, 2024

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code.... (Moderate, Unreviewed)
CVE-2023-39333 was published Sep 7, 2024

IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to... (Moderate, Unreviewed)
CVE-2024-40680 was published Sep 7, 2024

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified... (Moderate, Unreviewed)
CVE-2024-8554 was published Sep 7, 2024

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected... (Moderate, Unreviewed)
CVE-2024-37068 was published Sep 7, 2024

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been... (Moderate, Unreviewed)
CVE-2024-8555 was published Sep 7, 2024

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management... (Moderate, Unreviewed)
CVE-2024-8557 was published Sep 7, 2024

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to... (Moderate, Unreviewed)
CVE-2024-7620 was published Sep 7, 2024

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all... (Moderate, Unreviewed)
CVE-2024-6010 was published Sep 7, 2024

The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored... (Moderate, Unreviewed)
CVE-2024-6849 was published Sep 7, 2024

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue... (Moderate, Unreviewed)
CVE-2024-8523 was published Sep 7, 2024

The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to... (Moderate, Unreviewed)
CVE-2024-8538 was published Sep 7, 2024

A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected... (Moderate, Unreviewed)
CVE-2024-8521 was published Sep 7, 2024

Exposure of debug and metrics endpoints in Pomerium (Moderate)
CVE-2022-24797 was published for github.com/pomerium/pomerium (Go) Sep 6, 2024

gix-path improperly resolves configuration path reported by Git (Moderate)
CVE-2024-45405 was published for gix-path (Rust) Sep 6, 2024

gnark's Groth16 commitment extension unsound for more than one commitment (Moderate)
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024

gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property (Moderate)
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If... (Moderate, Unreviewed)
CVE-2024-27126 was published Sep 6, 2024

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating... (Moderate, Unreviewed)
CVE-2023-51368 was published Sep 6, 2024

A path traversal vulnerability has been reported to affect several QNAP operating system versions... (Moderate, Unreviewed)
CVE-2024-21904 was published Sep 6, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating... (Moderate, Unreviewed)
CVE-2023-50366 was published Sep 6, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system... (Moderate, Unreviewed)
CVE-2024-21906 was published Sep 6, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system... (Moderate, Unreviewed)
CVE-2024-21903 was published Sep 6, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several... (Moderate, Unreviewed)
CVE-2024-32763 was published Sep 6, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several... (Moderate, Unreviewed)
CVE-2023-51367 was published Sep 6, 2024

ProTip! Advisories are also available from the GraphQL API.