GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
109,406 advisories
Filter by severity
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37554
was published
Jul 6, 2024
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server...
Moderate
Unreviewed
CVE-2024-6095
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37553
was published
Jul 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate
Unreviewed
CVE-2024-37547
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37546
was published
Jul 6, 2024
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This...
Moderate
Unreviewed
CVE-2024-37542
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37541
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37539
was published
Jul 6, 2024
Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects...
Moderate
Unreviewed
CVE-2024-37208
was published
Jul 6, 2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and...
Moderate
Unreviewed
CVE-2024-5616
was published
Jul 6, 2024
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Moderate
CVE-2024-31223
was published
for
ethyca-fides
(pip)
Jul 5, 2024
ai-controller-frontend payment status in basket isn't reset
Moderate
CVE-2024-39325
was published
for
aimeos/ai-controller-frontend
(Composer)
Jul 5, 2024
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Moderate
GHSA-fqpg-rq76-99pq
was published
for
github.com/jackc/pgx/v5
(Go)
Jul 5, 2024
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Moderate
CVE-2024-39691
was published
for
matrix-appservice-irc
(npm)
Jul 5, 2024
ZITADEL Vulnerable to Session Information Leakage
Moderate
CVE-2024-39683
was published
for
github.com/zitadel/zitadel
(Go)
Jul 5, 2024
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate
GHSA-mh55-gqvf-xfwm
was published
for
github.com/rs/cors
(Go)
Jul 5, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Moderate
CVE-2024-39315
was published
for
github.com/pomerium/pomerium
(Go)
Jul 5, 2024
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter...
Moderate
Unreviewed
CVE-2024-6526
was published
Jul 5, 2024
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio...
Moderate
Unreviewed
CVE-2024-6505
was published
Jul 5, 2024
HCL Nomad server on Domino fails to properly handle users configured with limited Domino access...
Moderate
Unreviewed
CVE-2024-23588
was published
Jul 5, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It...
Moderate
Unreviewed
CVE-2024-6525
was published
Jul 5, 2024
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic....
Moderate
Unreviewed
CVE-2024-6523
was published
Jul 5, 2024
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by...
Moderate
Unreviewed
CVE-2024-6524
was published
Jul 5, 2024
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by...
Moderate
Unreviewed
CVE-2024-6511
was published
Jul 4, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue...
Moderate
Unreviewed
CVE-2024-37474
was published
Jul 4, 2024
ProTip!
Advisories are also available from the
GraphQL API