GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,024
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
111,028 advisories

Scrypted Cross-site Scripting vulnerability
Moderate. CVE-2023-47623 was published for @scrypted/core (npm), Aug 5, 2024

Scrypted Cross-site Scripting vulnerability
Moderate. CVE-2023-47620 was published for @scrypted/server (npm), Aug 5, 2024

Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate. CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven), Aug 5, 2024

lorawan-stack Open Redirect vulnerability
Moderate. CVE-2023-26494 was published for go.thethings.network/lorawan-stack/v3 (Go), Aug 5, 2024

Alpine allows Authentication Filter bypass
Moderate. CVE-2022-23554 was published for us.springett:alpine (Maven), Aug 5, 2024

Editor.js vulnerable to Code Injection
Moderate. CVE-2022-23474 was published for @editorjs/editorjs (npm), Aug 5, 2024

nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Moderate. CVE-2024-34343 was published for nuxt (npm), Aug 5, 2024

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite...
Moderate, Unreviewed. CVE-2024-21978 was published Aug 5, 2024

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to...
Moderate, Unreviewed. CVE-2023-31355 was published Aug 5, 2024

Microweber Cross Site Scripting (XSS) vulnerability
Moderate. CVE-2024-41380 was published for microweber/microweber (Composer), Aug 5, 2024

Microweber Cross Site Scripting (XSS) vulnerability
Moderate. CVE-2024-41381 was published for microweber/microweber (Composer), Aug 5, 2024

Kubean vulnerable to cluster-level privilege escalation
Moderate. CVE-2024-41820 was published for github.com/kubean-io/kubean (Go), Aug 5, 2024

Information disclosure while handling beacon probe frame during scan entry generation in client...
Moderate, Unreviewed. CVE-2024-21467 was published Aug 5, 2024

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
Moderate, Unreviewed. CVE-2024-23357 was published Aug 5, 2024

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR...
Moderate, Unreviewed. CVE-2024-23350 was published Aug 5, 2024

Information disclosure while handling beacon or probe response frame in STA.
Moderate, Unreviewed. CVE-2024-21459 was published Aug 5, 2024

A flaw was found in libnbd. The client did not always correctly verify the NBD server's...
Moderate, Unreviewed. CVE-2024-7383 was published Aug 5, 2024

In regclient, pinned manifest digests may be ignored
Moderate. GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go), Aug 5, 2024

Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Moderate. CVE-2024-42447 was published for apache-airflow-providers-fab (pip), Aug 5, 2024

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its...
Moderate, Unreviewed. CVE-2024-6270 was published Aug 5, 2024

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is...
Moderate, Unreviewed. CVE-2024-5081 was published Aug 5, 2024

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some...
Moderate, Unreviewed. CVE-2024-3636 was published Aug 5, 2024

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which...
Moderate, Unreviewed. CVE-2024-6710 was published Aug 5, 2024

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been...
Moderate, Unreviewed. CVE-2024-7469 was published Aug 5, 2024

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been...
Moderate, Unreviewed. CVE-2024-7470 was published Aug 5, 2024

ProTip! Advisories are also available from the GraphQL API.