Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

94,400 advisories

Loading
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin... High Unreviewed
CVE-2024-5902 was published Jul 13, 2024
Windows MSHTML Platform Spoofing Vulnerability High Unreviewed
CVE-2024-38112 was published Jul 9, 2024
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the... High Unreviewed
CVE-2024-40544 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS... High Unreviewed
CVE-2024-40545 was published Jul 12, 2024
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the... High Unreviewed
CVE-2024-28872 was published Jul 11, 2024
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by... High Unreviewed
CVE-2024-40522 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by... High Unreviewed
CVE-2024-40518 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp... High Unreviewed
CVE-2024-40519 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by... High Unreviewed
CVE-2024-40520 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0... High Unreviewed
CVE-2024-40546 was published Jul 12, 2024
PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability... High Unreviewed
CVE-2024-40552 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that... High Unreviewed
CVE-2024-40521 was published Jul 12, 2024
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the... High Unreviewed
CVE-2024-40543 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of... High Unreviewed
CVE-2024-40550 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS... High Unreviewed
CVE-2024-40551 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0... High Unreviewed
CVE-2024-40548 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS... High Unreviewed
CVE-2024-40549 was published Jul 12, 2024
Malware package cipherbcrypt High
GHSA-5grr-72f9-678v was published for cipherbcrypt (pip) Jul 12, 2024
Apache Wicket: Remote code execution via XSLT injection High
CVE-2024-36522 was published for org.apache.wicket:wicket-core (Maven) Jul 12, 2024
Local File Inclusion in Solara High
CVE-2024-39903 was published for solara (pip) Jul 12, 2024
sunriseXu
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-6468 was published for github.com/hashicorp/vault (Go) Jul 11, 2024
Gogs allows argument injection during the tagging of a new release High
CVE-2024-39933 was published for github.com/gogs/gogs (Go) Jul 4, 2024
electron-updater Code Signing Bypass on Windows High
CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024
mmaietta thomas-chauchefoin-bentley-systems
Apache Tomcat Improper Input Validation vulnerability High
CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 28, 2023
biehl1
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API