GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
848 advisories
Filter by severity
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Moderate
Unreviewed
CVE-2024-36075
was published
Jun 27, 2024
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute...
Moderate
Unreviewed
CVE-2023-26877
was published
Jun 26, 2024
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary...
Moderate
Unreviewed
CVE-2024-33335
was published
Jun 20, 2024
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code...
Moderate
Unreviewed
CVE-2024-36531
was published
Jun 10, 2024
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12...
Moderate
Unreviewed
CVE-2024-31396
was published
May 22, 2024
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file...
Moderate
Unreviewed
CVE-2024-36078
was published
May 19, 2024
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for...
Moderate
Unreviewed
CVE-2024-31974
was published
May 17, 2024
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an...
Moderate
Unreviewed
CVE-2024-3044
was published
May 14, 2024
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory...
Moderate
Unreviewed
CVE-2024-34225
was published
May 14, 2024
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert...
Moderate
Unreviewed
CVE-2024-29209
was published
May 7, 2024
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the...
Moderate
Unreviewed
CVE-2024-33442
was published
May 1, 2024
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows...
Moderate
Unreviewed
CVE-2024-32404
was published
Apr 26, 2024
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug...
Moderate
Unreviewed
CVE-2024-20359
was published
Apr 24, 2024
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute...
Moderate
Unreviewed
CVE-2023-51797
was published
Apr 19, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2024-29991
was published
Apr 19, 2024
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to...
Moderate
Unreviewed
CVE-2024-30567
was published
Apr 16, 2024
Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to...
Moderate
Unreviewed
CVE-2024-31648
was published
Apr 15, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side...
Moderate
Unreviewed
CVE-2024-3785
was published
Apr 15, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side...
Moderate
Unreviewed
CVE-2024-3786
was published
Apr 15, 2024
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2023-6494
was published
Apr 13, 2024
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote...
Moderate
Unreviewed
CVE-2024-30845
was published
Apr 12, 2024
\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute...
Moderate
Unreviewed
CVE-2023-44853
was published
Apr 12, 2024
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to...
Moderate
Unreviewed
CVE-2024-30878
was published
Apr 11, 2024
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.
Moderate
Unreviewed
CVE-2024-27476
was published
Apr 10, 2024
A improper neutralization of special elements used in a template engine [CWE-1336] in...
Moderate
Unreviewed
CVE-2023-47542
was published
Apr 9, 2024
ProTip!
Advisories are also available from the
GraphQL API