GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
240,683 advisories
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin...
Critical, Unreviewed. CVE-2024-6265 was published Jun 29, 2024

The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Moderate, Unreviewed. CVE-2024-6405 was published Jun 29, 2024

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in...
High, Unreviewed. CVE-2024-5598 was published Jun 29, 2024

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate, Unreviewed. CVE-2024-5942 was published Jun 29, 2024

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2024-5889 was published Jun 29, 2024

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS...
Unknown, Unreviewed. CVE-2024-37371 was published Jun 29, 2024

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web...
Critical, Unreviewed. CVE-2024-5827 was published Jun 29, 2024

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by...
Low, Unreviewed. CVE-2024-3995 was published Jun 29, 2024

Cross-Site Request Forgery (CSRF) in stitionai/devika
High, Unreviewed. CVE-2024-5712 was published Jun 29, 2024

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of...
Unknown, Unreviewed. CVE-2019-25211 was published Jun 29, 2024

Rejected reason: CVE ID issued in error. This is not a valid vulnerability.
Unknown, Unreviewed. CVE-2024-5972 was published Jun 29, 2024

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count...
Unknown, Unreviewed. CVE-2024-37370 was published Jun 29, 2024

R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file.
Unknown, Unreviewed. CVE-2024-39828 was published Jun 29, 2024

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is...
Moderate, Unreviewed. CVE-2024-25053 was published Jun 29, 2024

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is...
Moderate, Unreviewed. CVE-2024-25041 was published Jun 29, 2024

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10...
Moderate, Unreviewed. CVE-2022-38383 was published Jun 29, 2024

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP...
Unknown, Unreviewed. CVE-2022-27540 was published Jun 29, 2024

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout...
Moderate, Unreviewed. CVE-2024-25031 was published Jun 29, 2024

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error...
Moderate, Unreviewed. CVE-2024-38322 was published Jun 29, 2024

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via...
Unknown, Unreviewed. CVE-2024-27629 was published Jun 29, 2024

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a...
Moderate, Unreviewed. CVE-2024-35156 was published Jun 29, 2024

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via...
Unknown, Unreviewed. CVE-2024-27628 was published Jun 29, 2024

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack...
Moderate, Unreviewed. CVE-2024-35116 was published Jun 29, 2024

Unlimited number of NTS-KE connections can crash ntpd-rs server
High. CVE-2024-38528 was published for ntpd (Rust) Jun 28, 2024

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain...
Moderate, Unreviewed. CVE-2024-35139 was published Jun 28, 2024
ProTip! Advisories are also available from the GraphQL API.