GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
221,313 advisories
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom...
Severity: Unknown | Unreviewed | CVE-2024-39840 was published Jun 29, 2024
The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL...
Severity: High | Unreviewed | CVE-2024-2386 was published Jun 29, 2024
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th...
Severity: High | Unreviewed | CVE-2024-25943 was published Jun 29, 2024
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color...
Severity: Moderate | Unreviewed | CVE-2023-4017 was published Jun 29, 2024
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is...
Severity: Moderate | Unreviewed | CVE-2024-5819 was published Jun 29, 2024
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when...
Severity: Unknown | Unreviewed | CVE-2024-39331 was published Jun 24, 2024
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Severity: Moderate | Unreviewed | CVE-2024-5790 was published Jun 29, 2024
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Severity: Moderate | Unreviewed | CVE-2024-5666 was published Jun 29, 2024
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
Severity: Moderate | Unreviewed | CVE-2024-6363 was published Jun 29, 2024
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the...
Severity: High | Unreviewed | CVE-2021-41689 was published Jun 29, 2022
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
Severity: High | Unreviewed | CVE-2022-43272 was published Dec 2, 2022
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create...
Severity: Moderate | Unreviewed | CVE-2024-5192 was published Jun 29, 2024
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
Severity: Moderate | Unreviewed | CVE-2024-6405 was published Jun 29, 2024
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Severity: High | Unreviewed | CVE-2024-5598 was published Jun 29, 2024
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Severity: Moderate | Unreviewed | CVE-2024-5889 was published Jun 29, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error...
Severity: Moderate | Unreviewed | CVE-2024-38322 was published Jun 29, 2024
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via...
Severity: Unknown | Unreviewed | CVE-2024-27629 was published Jun 29, 2024
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a...
Severity: Moderate | Unreviewed | CVE-2024-35156 was published Jun 29, 2024
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via...
Severity: Unknown | Unreviewed | CVE-2024-27628 was published Jun 29, 2024
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS...
Severity: Unknown | Unreviewed | CVE-2024-37371 was published Jun 29, 2024
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack...
Severity: Moderate | Unreviewed | CVE-2024-35116 was published Jun 29, 2024
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of...
Severity: Unknown | Unreviewed | CVE-2019-25211 was published Jun 29, 2024
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin...
Severity: Critical | Unreviewed | CVE-2024-6265 was published Jun 29, 2024
Rejected reason: CVE ID issued in error. This is not a valid vulnerability.
Severity: Unknown | Unreviewed | CVE-2024-5972 was published Jun 29, 2024
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count...
Severity: Unknown | Unreviewed | CVE-2024-37370 was published Jun 29, 2024
ProTip! Advisories are also available from the GraphQL API