GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+)
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories (all unreviewed: 5,000+)
241,124 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed: CVE-2024-37554 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed: CVE-2024-37553 was published Jul 6, 2024

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server...
Moderate, Unreviewed: CVE-2024-6095 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed: CVE-2024-37546 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed: CVE-2024-37539 was published Jul 6, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate, Unreviewed: CVE-2024-37547 was published Jul 6, 2024

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This...
Moderate, Unreviewed: CVE-2024-37542 was published Jul 6, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed: CVE-2024-37541 was published Jul 6, 2024

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS...
Low, Unreviewed: CVE-2024-37234 was published Jul 6, 2024

Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz:...
High, Unreviewed: CVE-2024-37260 was published Jul 6, 2024

In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid...
Unknown, Unreviewed: CVE-2024-39486 was published Jul 6, 2024

Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper. This issue affects...
Moderate, Unreviewed: CVE-2024-37208 was published Jul 6, 2024

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and...
Moderate, Unreviewed: CVE-2024-5616 was published Jul 6, 2024

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores...
Low, Unreviewed: CVE-2024-40594 was published Jul 6, 2024

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not...
High, Unreviewed: CVE-2024-6387 was published Jul 1, 2024

A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before...
Unknown, Unreviewed: CVE-2024-33862 was published Jul 6, 2024

An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access...
Unknown, Unreviewed: CVE-2024-39182 was published Jul 6, 2024

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read...
Unknown, Unreviewed: CVE-2023-52169 was published Jul 3, 2024

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects...
Moderate, Unreviewed: CVE-2024-0986 was published Jan 29, 2024

In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force...
Unknown, Unreviewed: CVE-2024-26621 was published Mar 3, 2024

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer...
Unknown, Unreviewed: CVE-2023-52168 was published Jul 3, 2024

Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate: CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024

PocketBase performs password auth and OAuth2 unverified email linking
Moderate: CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024

rke's credentials are stored in the RKE1 Cluster state ConfigMap
Critical: CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024

Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Moderate: CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024

ProTip! Advisories are also available from the GraphQL API