GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
93,966 advisories
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz:...
High | Unreviewed | CVE-2024-37260 was published Jul 6, 2024

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such...
High | Unreviewed | CVE-2024-5753 was published Jul 5, 2024

Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High | CVE-2024-39321 was published for github.com/traefik/traefik (Go) Jul 5, 2024

Server Side Request Forgery (SSRF) attack in Fedify
High | CVE-2024-39687 was published for @fedify/fedify (npm) Jul 5, 2024

Certifi removes GLOBALTRUST root certificate
High | CVE-2024-39689 was published for certifi (pip) Jul 5, 2024

supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files.
High | Unreviewed | CVE-2024-39937 was published Jul 5, 2024

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x...
High | Unreviewed | CVE-2024-39936 was published Jul 4, 2024

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated...
High | Unreviewed | CVE-2024-39934 was published Jul 4, 2024

Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS. This issue...
High | Unreviewed | CVE-2024-37472 was published Jul 4, 2024

Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS. This...
High | Unreviewed | CVE-2024-37471 was published Jul 4, 2024

Gogs allows argument injection during the tagging of a new release
High | CVE-2024-39933 was published for github.com/gogs/gogs (Go) Jul 4, 2024

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ...
High | Unreviewed | CVE-2024-6506 was published Jul 4, 2024

Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in...
High | Unreviewed | CVE-2024-6507 was published Jul 4, 2024

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High | Unreviewed | CVE-2024-5943 was published Jul 4, 2024

Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on...
High | Unreviewed | CVE-2024-3904 was published Jul 4, 2024

Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi...
High | Unreviewed | CVE-2024-1182 was published Jul 4, 2024

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High | Unreviewed | CVE-2024-6318 was published Jul 4, 2024

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High | Unreviewed | CVE-2024-6319 was published Jul 4, 2024

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in...
High | Unreviewed | CVE-2024-2385 was published Jul 4, 2024

Apache Tomcat - Denial of Service
High | CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024

Cross-Site Request Forgery (CSRF) in stitionai/devika
High | Unreviewed | CVE-2024-5887 was published Jul 3, 2024

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of...
High | Unreviewed | CVE-2024-32937 was published Jul 3, 2024

A high privileged remote attacker can execute arbitrary system commands via GET requests due to...
High | Unreviewed | CVE-2024-5672 was published Jul 3, 2024

Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An...
High | Unreviewed | CVE-2024-6427 was published Jul 3, 2024

Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which...
High | Unreviewed | CVE-2024-6426 was published Jul 3, 2024

ProTip! Advisories are also available from the GraphQL API.