Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

109,406 advisories

Loading
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37554 was published Jul 6, 2024
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server... Moderate Unreviewed
CVE-2024-6095 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37553 was published Jul 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-37547 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37546 was published Jul 6, 2024
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This... Moderate Unreviewed
CVE-2024-37542 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37541 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37539 was published Jul 6, 2024
Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects... Moderate Unreviewed
CVE-2024-37208 was published Jul 6, 2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and... Moderate Unreviewed
CVE-2024-5616 was published Jul 6, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL Moderate
CVE-2024-31223 was published for ethyca-fides (pip) Jul 5, 2024
RobertKeyser
ai-controller-frontend payment status in basket isn't reset Moderate
CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024
ssshah2131
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx Moderate
GHSA-fqpg-rq76-99pq was published for github.com/jackc/pgx/v5 (Go) Jul 5, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to Moderate
CVE-2024-39691 was published for matrix-appservice-irc (npm) Jul 5, 2024
progval
ZITADEL Vulnerable to Session Information Leakage Moderate
CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024
cybertransformer livio-a
fforootd Avolicious srividyaj
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
GHSA-mh55-gqvf-xfwm was published for github.com/rs/cors (Go) Jul 5, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response Moderate
CVE-2024-39315 was published for github.com/pomerium/pomerium (Go) Jul 5, 2024
Enr1g
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter... Moderate Unreviewed
CVE-2024-6526 was published Jul 5, 2024
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio... Moderate Unreviewed
CVE-2024-6505 was published Jul 5, 2024
HCL Nomad server on Domino fails to properly handle users configured with limited Domino access... Moderate Unreviewed
CVE-2024-23588 was published Jul 5, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It... Moderate Unreviewed
CVE-2024-6525 was published Jul 5, 2024
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-6523 was published Jul 5, 2024
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2024-6524 was published Jul 5, 2024
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by... Moderate Unreviewed
CVE-2024-6511 was published Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue... Moderate Unreviewed
CVE-2024-37474 was published Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API