GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,028
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,157
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
244,475 advisories
Apache Airflow Potential Cross-site Scripting Vulnerability
Moderate | CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as...
Moderate | Unreviewed | CVE-2024-6899 was published Jul 19, 2024

A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical....
Moderate | Unreviewed | CVE-2024-6009 was published Jun 15, 2024

A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical....
Moderate | Unreviewed | CVE-2024-6013 was published Jun 15, 2024

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0....
Moderate | Unreviewed | CVE-2024-6015 was published Jun 15, 2024

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified...
Moderate | Unreviewed | CVE-2024-6898 was published Jul 19, 2024

A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as...
Moderate | Unreviewed | CVE-2024-6900 was published Jul 19, 2024

Calibre-Web Cross Site Scripting (XSS)
Moderate | CVE-2024-39123 was published for calibreweb (pip) Jul 19, 2024

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry...
Moderate | Unreviewed | CVE-2024-6016 was published Jun 15, 2024

A vulnerability classified as critical was found in SourceCodester Record Management System 1.0....
Moderate | Unreviewed | CVE-2024-6902 was published Jul 19, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Record...
Moderate | Unreviewed | CVE-2024-6903 was published Jul 19, 2024

Apache CXF Denial of Service vulnerability in JOSE
Moderate | CVE-2024-32007 was published for org.apache.cxf:cxf-rt-rs-security-jose (Maven) Jul 19, 2024

Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Low | CVE-2024-41172 was published for org.apache.cxf:cxf-rt-transports-http (Maven) Jul 19, 2024

Insufficient authentication in user account management in Yugabyte Platform allows local network...
Moderate | Unreviewed | CVE-2024-6895 was published Jul 19, 2024

Automad arbitrary file upload vulnerability
High | CVE-2024-40400 was published for automad/automad (Composer) Jul 19, 2024

A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as...
Moderate | Unreviewed | CVE-2024-6808 was published Jul 17, 2024

A vulnerability classified as critical has been found in SourceCodester Record Management System...
Moderate | Unreviewed | CVE-2024-6901 was published Jul 19, 2024

A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic....
Low | Unreviewed | CVE-2024-3735 was published Apr 13, 2024

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate...
Moderate | Unreviewed | CVE-2024-6908 was published Jul 19, 2024

ProcessWire Cross Site Request Forgery vulnerability
Moderate | CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows....
Moderate | Unreviewed | CVE-2024-6746 was published Jul 15, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Online...
Moderate | Unreviewed | CVE-2024-6801 was published Jul 17, 2024

A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as...
Moderate | Unreviewed | CVE-2024-6803 was published Jul 17, 2024

dbt has an implicit override for built-in materializations from installed packages
Moderate | CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024

matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate | CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API