GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,675 advisories
Filter by severity
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS...
Low
Unreviewed
CVE-2024-37234
was published
Jul 6, 2024
The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores...
Low
Unreviewed
CVE-2024-40594
was published
Jul 6, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low
GHSA-xr7q-jx4m-x55m
was published
for
github.com/grpc/grpc-go
(Go)
Jul 5, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low
Unreviewed
CVE-2024-32754
was published
Jul 4, 2024
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial...
Low
Unreviewed
CVE-2024-6434
was published
Jul 4, 2024
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any...
Low
Unreviewed
CVE-2024-6126
was published
Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a...
Low
Unreviewed
CVE-2024-39807
was published
Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads...
Low
Unreviewed
CVE-2024-39353
was published
Jul 3, 2024
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent...
Low
Unreviewed
CVE-2024-39361
was published
Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote...
Low
Unreviewed
CVE-2024-36257
was published
Jul 3, 2024
Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly...
Low
Unreviewed
CVE-2024-32673
was published
Jul 3, 2024
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to...
Low
Unreviewed
CVE-2024-34597
was published
Jul 2, 2024
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to...
Low
Unreviewed
CVE-2024-34600
was published
Jul 2, 2024
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to...
Low
Unreviewed
CVE-2024-34599
was published
Jul 2, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Low
CVE-2024-39324
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Low
CVE-2024-38537
was published
for
ethyca-fides
(pip)
Jul 2, 2024
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type...
Low
Unreviewed
CVE-2024-31071
was published
Jul 2, 2024
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type...
Low
Unreviewed
CVE-2024-36278
was published
Jul 2, 2024
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by...
Low
Unreviewed
CVE-2024-3995
was published
Jun 29, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ...
Low
Unreviewed
CVE-2024-39157
was published
Jun 27, 2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component ...
Low
Unreviewed
CVE-2024-39156
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11...
Low
Unreviewed
CVE-2024-4011
was published
Jun 27, 2024
Low severity (DoS) vulnerability in sequoia-openpgp
Low
GHSA-9344-p847-qm5c
was published
for
sequoia-openpgp
(Rust)
Jun 26, 2024
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
October System module has an Open Redirect for Administrator Accounts
Low
CVE-2024-24764
was published
for
october/system
(Composer)
Jun 26, 2024
ProTip!
Advisories are also available from the
GraphQL API