GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,849
Erlang: 29
GitHub Actions: 16
Go: 1,716
Maven: 4,951
npm: 3,480
NuGet: 605
pip: 3,025
Pub: 10
RubyGems: 832
Rust: 776
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
218,808 advisories
Apport argument parsing mishandles filename splitting on older kernels resulting in argument...
Severity: Unknown | Unreviewed | CVE-2022-28658 was published Jun 5, 2024
Missing Authorization vulnerability in moveaddons Move Addons for Elementor. This issue affects...
Severity: Moderate | Unreviewed | CVE-2024-30525 was published Jun 4, 2024
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can...
Severity: Moderate | Unreviewed | CVE-2024-4220 was published Jun 4, 2024
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application,...
Severity: High | Unreviewed | CVE-2024-4520 was published Jun 4, 2024
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors...
Severity: Moderate | Unreviewed | CVE-2024-4219 was published Jun 4, 2024
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar. This issue affects Spiffy...
Severity: Moderate | Unreviewed | CVE-2024-30528 was published Jun 4, 2024
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12...
Severity: Unknown | Unreviewed | CVE-2024-37273 was published Jun 4, 2024
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn...
Severity: Unknown | Unreviewed | CVE-2024-36604 was published Jun 4, 2024
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12...
Severity: Unknown | Unreviewed | CVE-2024-36858 was published Jun 4, 2024
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app...
Severity: Unknown | Unreviewed | CVE-2024-36857 was published Jun 4, 2024
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor,...
Severity: Moderate | Unreviewed | CVE-2024-29152 was published Jun 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Severity: Moderate | Unreviewed | CVE-2024-34759 was published Jun 4, 2024
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for...
Severity: High | Unreviewed | CVE-2024-25095 was published Jun 4, 2024
Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor. This issue...
Severity: Moderate | Unreviewed | CVE-2024-30484 was published Jun 4, 2024
Missing Authorization vulnerability in Netgsm. This issue affects Netgsm: from n/a through 2.9.16.
Severity: High | Unreviewed | CVE-2024-35672 was published Jun 4, 2024
Broken Authentication vulnerability in SoftLab Integrate Google Drive. This issue affects...
Severity: Moderate | Unreviewed | CVE-2024-35670 was published Jun 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Severity: Moderate | Unreviewed | CVE-2024-35651 was published Jun 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Severity: Moderate | Unreviewed | CVE-2024-35782 was published Jun 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Severity: Moderate | Unreviewed | CVE-2024-35653 was published Jun 4, 2024
The SolarWinds Platform was determined to be affected by a stored cross-site scripting...
Severity: High | Unreviewed | CVE-2024-29004 was published Jun 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Severity: Moderate | Unreviewed | CVE-2024-35649 was published Jun 4, 2024
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component...
Severity: Unknown | Unreviewed | CVE-2024-36547 was published Jun 4, 2024
Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation...
Severity: Critical | Unreviewed | CVE-2024-35700 was published Jun 4, 2024
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack...
Severity: High | Unreviewed | CVE-2024-28996 was published Jun 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2024-35652 was published Jun 4, 2024
ProTip! Advisories are also available from the GraphQL API.