GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
848 advisories
There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote...
Moderate
Unreviewed
CVE-2024-25706
was published
Apr 4, 2024
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to...
Moderate
Unreviewed
CVE-2024-31013
was published
Apr 3, 2024
Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2,...
Moderate
Unreviewed
CVE-2024-28005
was published
Mar 28, 2024
A user with administrative privileges can create a compromised dll file of the same name as the...
Moderate
Unreviewed
CVE-2024-2209
was published
Mar 27, 2024
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload...
Moderate
Unreviewed
CVE-2024-22724
was published
Mar 21, 2024
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the...
Moderate
Unreviewed
CVE-2024-2016
was published
Mar 21, 2024
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the...
Moderate
Unreviewed
CVE-2024-25359
was published
Mar 21, 2024
Using a markup injection an attacker could have stolen nonce values. This could have been used to...
Moderate
Unreviewed
CVE-2024-2610
was published
Mar 19, 2024
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2024-2497
was published
Mar 15, 2024
A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing...
Moderate
Unreviewed
CVE-2024-27627
was published
Mar 5, 2024
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management...
Moderate
Unreviewed
CVE-2024-25202
was published
Feb 28, 2024
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG...
Moderate
Unreviewed
CVE-2024-1885
was published
Feb 26, 2024
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue...
Moderate
Unreviewed
CVE-2024-1705
was published
Feb 21, 2024
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay...
Moderate
Unreviewed
CVE-2023-5800
was published
Feb 5, 2024
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a...
Moderate
Unreviewed
CVE-2023-5677
was published
Feb 5, 2024
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate...
Moderate
Unreviewed
CVE-2023-51820
was published
Feb 2, 2024
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker...
Moderate
Unreviewed
CVE-2023-37518
was published
Jan 30, 2024
A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue...
Moderate
Unreviewed
CVE-2024-0738
was published
Jan 20, 2024
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to ...
Moderate
Unreviewed
CVE-2023-6548
was published
Jan 17, 2024
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android...
Moderate
Unreviewed
CVE-2023-6540
was published
Jan 3, 2024
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to...
Moderate
Unreviewed
CVE-2023-41783
was published
Jan 3, 2024
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by...
Moderate
Unreviewed
CVE-2024-0196
was published
Jan 3, 2024
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is...
Moderate
Unreviewed
CVE-2024-0195
was published
Jan 2, 2024
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (...
Moderate
Unreviewed
CVE-2023-31296
was published
Dec 29, 2023
A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by...
Moderate
Unreviewed
CVE-2023-6899
was published
Dec 17, 2023
ProTip! Advisories are also available from the GraphQL API.