GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
113,770 advisories
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of...
Moderate, Unreviewed: CVE-2023-39215 was published Sep 12, 2023

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure...
Moderate, Unreviewed: CVE-2024-24698 was published Feb 14, 2024

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom...
Moderate, Unreviewed: CVE-2023-39203 was published Nov 15, 2023

A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by...
Moderate, Unreviewed: CVE-2024-9293 was published Sep 27, 2024

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to...
Moderate, Unreviewed: CVE-2024-9291 was published Sep 27, 2024

The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when...
Moderate, Unreviewed: CVE-2024-8047 was published Sep 17, 2024

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter...
Moderate, Unreviewed: CVE-2024-6723 was published Sep 13, 2024

In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.
Moderate, Unreviewed: CVE-2024-9160 was published Sep 27, 2024

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape...
Moderate, Unreviewed: CVE-2024-6493 was published Sep 13, 2024

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI']...
Moderate, Unreviewed: CVE-2024-8056 was published Sep 12, 2024

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for...
Moderate, Unreviewed: CVE-2024-7133 was published Sep 13, 2024

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape...
Moderate, Unreviewed: CVE-2024-6617 was published Sep 13, 2024

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an...
Moderate, Unreviewed: CVE-2023-36535 was published Aug 8, 2023

OpenStack Keystone does not check signature TTL of the EC2 credential auth method
Moderate: CVE-2020-12692 was published for keystone (pip) May 24, 2022

Jupyter Notebook XSS via untrusted notebooks
Moderate: CVE-2018-19351 was published for notebook (pip) Nov 21, 2018

Moderate severity vulnerability that affects moin
Moderate: CVE-2017-5934 was published for moin (pip) Jan 4, 2019

Jupyter Notebook XSS via directory name
Moderate: CVE-2018-19352 was published for notebook (pip) Nov 21, 2018

MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate: CVE-2016-7146 was published for moin (pip) May 17, 2022

Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Moderate: CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024

powermail TYPO3 extension has Insecure Direct Object Reference
Moderate: CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024

czim/file-handling vulnerable to SSRF and directory traversal
Moderate: CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024

Cross-site scripting (XSS) in the clipboard package
Moderate: CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 25, 2024

iRedAdmin before 2.6 allows XSS, e.g., via order_name.
Moderate, Unreviewed: CVE-2024-47227 was published Sep 23, 2024

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in...
Moderate, Unreviewed: CVE-2023-2747 was published Jun 15, 2023

The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its...
Moderate, Unreviewed: CVE-2024-6850 was published Sep 13, 2024
ProTip! Advisories are also available from the GraphQL API.