GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,952
Composer 4,274
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,419
Pub 12
RubyGems 891
Rust 872
Swift 36

Unreviewed advisories

All unreviewed 238,580

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

831 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an... Moderate Unreviewed

CVE-2024-6940 was published Jul 21, 2024

Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken... Moderate Unreviewed

CVE-2024-37405 was published Jul 12, 2024

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed

CVE-2024-40735 was published Jul 9, 2024

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed

CVE-2024-40726 was published Jul 9, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja... Moderate Unreviewed

CVE-2024-37934 was published Jul 9, 2024

QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers... Moderate Unreviewed

CVE-2024-39165 was published Jul 4, 2024

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function... Moderate Unreviewed

CVE-2024-39002 was published Jul 1, 2024

Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function... Moderate Unreviewed

CVE-2024-38990 was published Jul 1, 2024

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Moderate Unreviewed

CVE-2024-36075 was published Jun 27, 2024

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the... Moderate Unreviewed

CVE-2024-39209 was published Jun 27, 2024

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute... Moderate Unreviewed

CVE-2023-26877 was published Jun 26, 2024

SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary... Moderate Unreviewed

CVE-2024-33335 was published Jun 20, 2024

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code... Moderate Unreviewed

CVE-2024-36531 was published Jun 10, 2024

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12... Moderate Unreviewed

CVE-2024-31396 was published May 22, 2024

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file... Moderate Unreviewed

CVE-2024-36078 was published May 19, 2024

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for... Moderate Unreviewed

CVE-2024-31974 was published May 17, 2024

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an... Moderate Unreviewed

CVE-2024-3044 was published May 14, 2024

Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory... Moderate Unreviewed

CVE-2024-34225 was published May 14, 2024

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert... Moderate Unreviewed

CVE-2024-29209 was published May 7, 2024

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the... Moderate Unreviewed

CVE-2024-33442 was published May 1, 2024

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows... Moderate Unreviewed

CVE-2024-32404 was published Apr 26, 2024

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug... Moderate Unreviewed

CVE-2024-20359 was published Apr 24, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Moderate Unreviewed

CVE-2024-29991 was published Apr 19, 2024

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute... Moderate Unreviewed

CVE-2023-51797 was published Apr 19, 2024

An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to... Moderate Unreviewed

CVE-2024-30567 was published Apr 16, 2024

Previous 1 2 3 4 5 … 33 34 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

831 advisories