GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
21,737 advisories
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
CVE-2024-37079 (Critical, Unreviewed) was published Jun 18, 2024

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
CVE-2024-37080 (Critical, Unreviewed) was published Jun 18, 2024

rke's credentials are stored in the RKE1 Cluster state ConfigMap
CVE-2023-32191 (Critical) was published for github.com/rancher/rke (Go) Jun 17, 2024

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who...
CVE-2023-6345 (Critical, Unreviewed) was published Nov 29, 2023

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability....
CVE-2023-22518 (Critical, Unreviewed) was published Oct 31, 2023

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have...
CVE-2022-45063 (Critical, Unreviewed) was published Nov 10, 2022

Files or Directories Accessible to External Parties in ProjectDiscovery
CVE-2024-5262 (Critical) was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024

Unable to generate the correct character set
CVE-2024-36400 (Critical) was published for nano-id (Rust) Jun 4, 2024

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email...
CVE-2024-6048 (Critical, Unreviewed) was published Jun 17, 2024

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality....
CVE-2024-6047 (Critical, Unreviewed) was published Jun 17, 2024

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in...
CVE-2024-6046 (Critical, Unreviewed) was published Jun 17, 2024

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is...
CVE-2024-3105 (Critical, Unreviewed) was published Jun 15, 2024

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is...
CVE-2024-4258 (Critical, Unreviewed) was published Jun 15, 2024

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all...
CVE-2024-5871 (Critical, Unreviewed) was published Jun 15, 2024

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote...
CVE-2024-5671 (Critical, Unreviewed) was published Jun 14, 2024

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and...
CVE-2024-2472 (Critical, Unreviewed) was published Jun 14, 2024

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An...
CVE-2024-3912 (Critical, Unreviewed) was published Jun 14, 2024

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in...
CVE-2024-5577 (Critical, Unreviewed) was published Jun 14, 2024

Remote Command program allows an attacker to get Remote Code Execution. As for the affected...
CVE-2024-27172 (Critical, Unreviewed) was published Jun 14, 2024

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing...
CVE-2024-27173 (Critical, Unreviewed) was published Jun 14, 2024

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be...
CVE-2024-27174 (Critical, Unreviewed) was published Jun 14, 2024

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and...
CVE-2024-4936 (Critical, Unreviewed) was published Jun 14, 2024

The Toshiba printers provide several ways to upload files using the admin web interface. An...
CVE-2024-27145 (Critical, Unreviewed) was published Jun 14, 2024

The Toshiba printers provide several ways to upload files using the web interface without...
CVE-2024-27144 (Critical, Unreviewed) was published Jun 14, 2024

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated...
CVE-2024-3080 (Critical, Unreviewed) was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API