GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
108,855 advisories
Filter by severity
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-6262
was published
Jun 27, 2024
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This...
Moderate
Unreviewed
CVE-2024-6367
was published
Jun 27, 2024
A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue...
Moderate
Unreviewed
CVE-2024-6368
was published
Jun 27, 2024
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2024-5601
was published
Jun 27, 2024
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,...
Moderate
Unreviewed
CVE-2024-4983
was published
Jun 27, 2024
Directory creation by malicious user in saltstack
Moderate
CVE-2024-22231
was published
for
salt
(pip)
Jun 27, 2024
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-6283
was published
Jun 27, 2024
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-4570
was published
Jun 27, 2024
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2024-4569
was published
Jun 27, 2024
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is...
Moderate
Unreviewed
CVE-2024-5289
was published
Jun 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37247
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11...
Moderate
Unreviewed
CVE-2024-2191
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11...
Moderate
Unreviewed
CVE-2024-1816
was published
Jun 27, 2024
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all...
Moderate
Unreviewed
CVE-2024-4557
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5...
Moderate
Unreviewed
CVE-2024-1493
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11...
Moderate
Unreviewed
CVE-2024-3959
was published
Jun 27, 2024
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5,...
Moderate
Unreviewed
CVE-2024-3115
was published
Jun 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37248
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11...
Moderate
Unreviewed
CVE-2024-5430
was published
Jun 27, 2024
A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12. It has...
Moderate
Unreviewed
CVE-2024-6355
was published
Jun 26, 2024
Panic when parsing invalid palette-color images in golang.org/x/image
Moderate
CVE-2024-24792
was published
for
golang.org/x/image
(Go)
Jun 26, 2024
@fastly/js-compute has a use-after-free in some host call implementations
Moderate
CVE-2024-38375
was published
for
@fastly/js-compute
(npm)
Jun 26, 2024
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
CVE-2024-39459
was published
for
org.jenkins-ci.plugins:plain-credentials
(Maven)
Jun 26, 2024
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Moderate
CVE-2024-39460
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jun 26, 2024
ProTip!
Advisories are also available from the
GraphQL API