GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 3,978
  Erlang: 29
  GitHub Actions: 16
  Go: 1,768
  Maven: 4,991
  npm: 3,537
  NuGet: 616
  pip: 3,107
  Pub: 10
  RubyGems: 837
  Rust: 786
  Swift: 34
Unreviewed advisories
  All unreviewed: 5,000+
94,400 advisories
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin...
  High, Unreviewed: CVE-2024-5902 was published Jul 13, 2024
Windows MSHTML Platform Spoofing Vulnerability
  High, Unreviewed: CVE-2024-38112 was published Jul 9, 2024
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the...
  High, Unreviewed: CVE-2024-40544 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS...
  High, Unreviewed: CVE-2024-40545 was published Jul 12, 2024
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the...
  High, Unreviewed: CVE-2024-28872 was published Jul 11, 2024
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by...
  High, Unreviewed: CVE-2024-40522 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by...
  High, Unreviewed: CVE-2024-40518 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp...
  High, Unreviewed: CVE-2024-40519 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by...
  High, Unreviewed: CVE-2024-40520 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0...
  High, Unreviewed: CVE-2024-40546 was published Jul 12, 2024
PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability...
  High, Unreviewed: CVE-2024-40552 was published Jul 12, 2024
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that...
  High, Unreviewed: CVE-2024-40521 was published Jul 12, 2024
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the...
  High, Unreviewed: CVE-2024-40543 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of...
  High, Unreviewed: CVE-2024-40550 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS...
  High, Unreviewed: CVE-2024-40551 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0...
  High, Unreviewed: CVE-2024-40548 was published Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS...
  High, Unreviewed: CVE-2024-40549 was published Jul 12, 2024
Malware package cipherbcrypt
  High: GHSA-5grr-72f9-678v was published for cipherbcrypt (pip) Jul 12, 2024
Apache Wicket: Remote code execution via XSLT injection
  High: CVE-2024-36522 was published for org.apache.wicket:wicket-core (Maven) Jul 12, 2024
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
  High: CVE-2024-6468 was published for github.com/hashicorp/vault (Go) Jul 11, 2024
Gogs allows argument injection during the tagging of a new release
  High: CVE-2024-39933 was published for github.com/gogs/gogs (Go) Jul 4, 2024
electron-updater Code Signing Bypass on Windows
  High: CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024
Apache Tomcat Improper Input Validation vulnerability
  High: CVE-2023-46589 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 28, 2023
Django vulnerable to Denial of Service
  High: CVE-2024-38875 was published for Django (pip) Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API.