Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

93,966 advisories

Loading
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz:... High Unreviewed
CVE-2024-37260 was published Jul 6, 2024
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such... High Unreviewed
CVE-2024-5753 was published Jul 5, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik (Go) Jul 5, 2024
MWedl
Server Side Request Forgery (SSRF) attack in Fedify High
CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024
ThisIsMissEm
Certifi removes GLOBALTRUST root certificate High
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files. High Unreviewed
CVE-2024-39937 was published Jul 5, 2024
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x... High Unreviewed
CVE-2024-39936 was published Jul 4, 2024
Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated... High Unreviewed
CVE-2024-39934 was published Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue... High Unreviewed
CVE-2024-37472 was published Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This... High Unreviewed
CVE-2024-37471 was published Jul 4, 2024
Gogs allows argument injection during the tagging of a new release High
CVE-2024-39933 was published for github.com/gogs/gogs (Go) Jul 4, 2024
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ... High Unreviewed
CVE-2024-6506 was published Jul 4, 2024
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in... High Unreviewed
CVE-2024-6507 was published Jul 4, 2024
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... High Unreviewed
CVE-2024-5943 was published Jul 4, 2024
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on... High Unreviewed
CVE-2024-3904 was published Jul 4, 2024
Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi... High Unreviewed
CVE-2024-1182 was published Jul 4, 2024
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2024-6318 was published Jul 4, 2024
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... High Unreviewed
CVE-2024-6319 was published Jul 4, 2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in... High Unreviewed
CVE-2024-2385 was published Jul 4, 2024
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
Cross-Site Request Forgery (CSRF) in stitionai/devika High Unreviewed
CVE-2024-5887 was published Jul 3, 2024
An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of... High Unreviewed
CVE-2024-32937 was published Jul 3, 2024
A high privileged remote attacker can execute arbitrary system commands via GET requests due to... High Unreviewed
CVE-2024-5672 was published Jul 3, 2024
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An... High Unreviewed
CVE-2024-6427 was published Jul 3, 2024
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which... High Unreviewed
CVE-2024-6426 was published Jul 3, 2024
ProTip! Advisories are also available from the GraphQL API