Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

241,124 advisories

Loading
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37554 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37553 was published Jul 6, 2024
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server... Moderate Unreviewed
CVE-2024-6095 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37546 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37539 was published Jul 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-37547 was published Jul 6, 2024
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This... Moderate Unreviewed
CVE-2024-37542 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37541 was published Jul 6, 2024
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS... Low Unreviewed
CVE-2024-37234 was published Jul 6, 2024
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz:... High Unreviewed
CVE-2024-37260 was published Jul 6, 2024
In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid... Unknown Unreviewed
CVE-2024-39486 was published Jul 6, 2024
Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects... Moderate Unreviewed
CVE-2024-37208 was published Jul 6, 2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and... Moderate Unreviewed
CVE-2024-5616 was published Jul 6, 2024
The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores... Low Unreviewed
CVE-2024-40594 was published Jul 6, 2024
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not... High Unreviewed
CVE-2024-6387 was published Jul 1, 2024
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before... Unknown Unreviewed
CVE-2024-33862 was published Jul 6, 2024
An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access... Unknown Unreviewed
CVE-2024-39182 was published Jul 6, 2024
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read... Unknown Unreviewed
CVE-2023-52169 was published Jul 3, 2024
A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects... Moderate Unreviewed
CVE-2024-0986 was published Jan 29, 2024
In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force... Unknown Unreviewed
CVE-2024-26621 was published Mar 3, 2024
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer... Unknown Unreviewed
CVE-2023-52168 was published Jul 3, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical
CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service Moderate
CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024
morehouse
ProTip! Advisories are also available from the GraphQL API