GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
95,369 advisories
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through...
High | Unreviewed | CVE-2024-38856 was published Aug 5, 2024

The lacks CSRF checks allowing a user to invite any user to any group (including private groups)
High | Unreviewed | CVE-2024-2232 was published Aug 5, 2024

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this...
High | Unreviewed | CVE-2024-41889 was published Aug 5, 2024

Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability
High | CVE-2024-39713 was published for rocket.chat (npm) Aug 5, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu...
High | Unreviewed | CVE-2024-7465 was published Aug 5, 2024

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability...
High | Unreviewed | CVE-2024-7463 was published Aug 5, 2024

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216....
High | Unreviewed | CVE-2024-7462 was published Aug 5, 2024

stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable...
High | Unreviewed | CVE-2024-6331 was published Aug 4, 2024

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has...
High | Unreviewed | CVE-2024-7441 was published Aug 3, 2024

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and...
High | Unreviewed | CVE-2024-7439 was published Aug 3, 2024

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification...
High | Unreviewed | CVE-2024-7031 was published Aug 3, 2024

The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up...
High | Unreviewed | CVE-2024-7291 was published Aug 3, 2024

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment...
High | Unreviewed | CVE-2024-22169 was published Aug 2, 2024

openstack-heat may disclose sensitive information
High | CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024

SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute...
High | Unreviewed | CVE-2024-28297 was published Aug 2, 2024

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
High | Unreviewed | CVE-2024-38888 was published Aug 2, 2024

Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)
High | CVE-2024-36116 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024

Reposilite artifacts vulnerable to Stored Cross-site Scripting
High | CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
High | Unreviewed | CVE-2024-38885 was published Aug 2, 2024

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
High | Unreviewed | CVE-2024-38881 was published Aug 2, 2024

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
High | Unreviewed | CVE-2024-38884 was published Aug 2, 2024

Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a...
High | Unreviewed | CVE-2024-33894 was published Aug 2, 2024

An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in...
High | Unreviewed | CVE-2024-41518 was published Aug 2, 2024

Commands can be injected over the network and executed without authentication.
High | Unreviewed | CVE-2024-7029 was published Aug 2, 2024

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and...
High | Unreviewed | CVE-2024-38890 was published Aug 2, 2024
ProTip! Advisories are also available from the GraphQL API.