Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

240,683 advisories

Loading
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin... Critical Unreviewed
CVE-2024-6265 was published Jun 29, 2024
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2024-6405 was published Jun 29, 2024
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in... High Unreviewed
CVE-2024-5598 was published Jun 29, 2024
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed
CVE-2024-5942 was published Jun 29, 2024
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5889 was published Jun 29, 2024
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS... Unknown Unreviewed
CVE-2024-37371 was published Jun 29, 2024
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web... Critical Unreviewed
CVE-2024-5827 was published Jun 29, 2024
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-3995 was published Jun 29, 2024
Cross-Site Request Forgery (CSRF) in stitionai/devika High Unreviewed
CVE-2024-5712 was published Jun 29, 2024
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of... Unknown Unreviewed
CVE-2019-25211 was published Jun 29, 2024
Rejected reason: CVE ID issued in error. This is not a valid vulnerability. Unknown Unreviewed
CVE-2024-5972 was published Jun 29, 2024
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count... Unknown Unreviewed
CVE-2024-37370 was published Jun 29, 2024
R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. Unknown Unreviewed
CVE-2024-39828 was published Jun 29, 2024
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is... Moderate Unreviewed
CVE-2024-25053 was published Jun 29, 2024
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is... Moderate Unreviewed
CVE-2024-25041 was published Jun 29, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10... Moderate Unreviewed
CVE-2022-38383 was published Jun 29, 2024
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP... Unknown Unreviewed
CVE-2022-27540 was published Jun 29, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout... Moderate Unreviewed
CVE-2024-25031 was published Jun 29, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error... Moderate Unreviewed
CVE-2024-38322 was published Jun 29, 2024
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via... Unknown Unreviewed
CVE-2024-27629 was published Jun 29, 2024
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2024-35156 was published Jun 29, 2024
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via... Unknown Unreviewed
CVE-2024-27628 was published Jun 29, 2024
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack... Moderate Unreviewed
CVE-2024-35116 was published Jun 29, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server High
CVE-2024-38528 was published for ntpd (Rust) Jun 28, 2024
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain... Moderate Unreviewed
CVE-2024-35139 was published Jun 28, 2024
ProTip! Advisories are also available from the GraphQL API