GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,273
Erlang: 31
GitHub Actions: 21
Go: 2,055
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,417
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
906 advisories
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file...
Moderate | Unreviewed | CVE-2024-36078 was published on May 19, 2024
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for...
Moderate | Unreviewed | CVE-2024-31974 was published on May 17, 2024
Ez Platform Object Injection in legacy shop module
Moderate | GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate | GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an...
Moderate | Unreviewed | CVE-2024-3044 was published on May 14, 2024
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory...
Moderate | Unreviewed | CVE-2024-34225 was published on May 14, 2024
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert...
Moderate | Unreviewed | CVE-2024-29209 was published on May 7, 2024
Apache Hive Code Injection vulnerability
Moderate | CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) on May 3, 2024
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Moderate | CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) on May 2, 2024
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the...
Moderate | Unreviewed | CVE-2024-33442 was published on May 1, 2024
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows...
Moderate | Unreviewed | CVE-2024-32404 was published on Apr 26, 2024
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug...
Moderate | Unreviewed | CVE-2024-20359 was published on Apr 24, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Moderate | Unreviewed | CVE-2024-29991 was published on Apr 19, 2024
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute...
Moderate | Unreviewed | CVE-2023-51797 was published on Apr 19, 2024
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to...
Moderate | Unreviewed | CVE-2024-30567 was published on Apr 16, 2024
Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to...
Moderate | Unreviewed | CVE-2024-31648 was published on Apr 15, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side...
Moderate | Unreviewed | CVE-2024-3786 was published on Apr 15, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side...
Moderate | Unreviewed | CVE-2024-3785 was published on Apr 15, 2024
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2023-6494 was published on Apr 13, 2024
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote...
Moderate | Unreviewed | CVE-2024-30845 was published on Apr 12, 2024
An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute...
Moderate | Unreviewed | CVE-2023-44853 was published on Apr 12, 2024
Code injection in Apache Zeppelin Shell
Moderate | CVE-2024-31861 was published for org.apache.zeppelin:zeppelin-shell (Maven) on Apr 11, 2024
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to...
Moderate | Unreviewed | CVE-2024-30878 was published on Apr 11, 2024
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.
Moderate | Unreviewed | CVE-2024-27476 was published on Apr 10, 2024
There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote...
Moderate | Unreviewed | CVE-2024-25706 was published on Apr 4, 2024