GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
109,744 advisories
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird...
Moderate | Unreviewed | CVE-2024-37504 was published Jul 10, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table &...
Moderate | Unreviewed | CVE-2024-37498 was published Jul 10, 2024

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo...
Moderate | Unreviewed | CVE-2024-6647 was published Jul 10, 2024

A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic....
Moderate | Unreviewed | CVE-2024-6646 was published Jul 10, 2024

Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This...
Moderate | Unreviewed | CVE-2024-37205 was published Jul 10, 2024

Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin...
Moderate | Unreviewed | CVE-2024-37270 was published Jul 10, 2024

IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session...
Moderate | Unreviewed | CVE-2023-33860 was published Jul 10, 2024

IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject...
Moderate | Unreviewed | CVE-2023-35006 was published Jul 10, 2024

IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login...
Moderate | Unreviewed | CVE-2023-33859 was published Jul 10, 2024

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local...
Moderate | Unreviewed | CVE-2024-20456 was published Jul 10, 2024

A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared...
Moderate | Unreviewed | CVE-2024-6645 was published Jul 10, 2024

A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical....
Moderate | Unreviewed | CVE-2024-6644 was published Jul 10, 2024

ServiceNow has addressed a sensitive file read vulnerability that was identified in the...
Moderate | Unreviewed | CVE-2024-5178 was published Jul 10, 2024

OpenSearch Observability does not properly restrict access to private tenant resources
Moderate | CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024

Decidim cross-site scripting (XSS) in the admin panel
Moderate | CVE-2024-27095 was published for decidim-admin (RubyGems) Jul 10, 2024

idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'
Moderate | Unreviewed | CVE-2024-40336 was published Jul 10, 2024

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via ...
Moderate | Unreviewed | CVE-2024-40328 was published Jul 10, 2024

Decidim vulnerable to data disclosure through the embed feature
Moderate | CVE-2024-27090 was published for decidim (RubyGems) Jul 10, 2024

PrivateBin allows shortening of URLs for other domains
Moderate | CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-5664 was published Jul 10, 2024

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-6556 was published Jul 10, 2024

Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Moderate | GHSA-52jw-f3jq-hhwg was published for auth0/wordpress (Composer) Jul 10, 2024 | withdrawn

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970...
Moderate | Unreviewed | CVE-2024-36453 was published Jul 10, 2024

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-6410 was published Jul 10, 2024

Django vulnerable to user enumeration attack
Moderate | CVE-2024-39329 was published for Django (pip) Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API.