Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

108,855 advisories

Loading
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker... Moderate Unreviewed
CVE-2024-6299 was published Jun 25, 2024
Lack of validation of origin in federation API in Conduit, allowing any remote server to... Moderate Unreviewed
CVE-2024-6301 was published Jun 25, 2024
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5451 was published Jun 25, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2024-32111 was published Jun 25, 2024
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions... Moderate Unreviewed
CVE-2024-6307 was published Jun 25, 2024
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2... Moderate Unreviewed
CVE-2024-28832 was published Jun 25, 2024
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows... Moderate Unreviewed
CVE-2024-28831 was published Jun 25, 2024
WordPress Core is vulnerable to Stored Cross-Site Scripting via the Template Part Block in... Moderate Unreviewed
CVE-2024-6305 was published Jun 25, 2024
WordPress Core is vulnerable to Directory Traversal in various versions up to 6.5.5 via the... Moderate Unreviewed
CVE-2024-6306 was published Jun 25, 2024
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable... Moderate Unreviewed
CVE-2024-4641 was published Jun 25, 2024
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification... Moderate Unreviewed
CVE-2024-3249 was published Jun 25, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site... Moderate Unreviewed
CVE-2024-34141 was published Jun 25, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site... Moderate Unreviewed
CVE-2024-34142 was published Jun 25, 2024
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows... Moderate Unreviewed
CVE-2024-22385 was published Jun 25, 2024
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft... Moderate Unreviewed
CVE-2024-37679 was published Jun 24, 2024
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF)... Moderate Unreviewed
CVE-2021-45785 was published Jun 24, 2024
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site... Moderate Unreviewed
CVE-2024-37680 was published Jun 24, 2024
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute... Moderate Unreviewed
CVE-2024-37732 was published Jun 24, 2024
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The... Moderate Unreviewed
CVE-2024-33881 was published Jun 24, 2024
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It... Moderate Unreviewed
CVE-2024-33880 was published Jun 24, 2024
go-retryablehttp can leak basic auth credentials to log files Moderate
CVE-2024-6104 was published for github.com/hashicorp/go-retryablehttp (Go) Jun 24, 2024
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store` Moderate
CVE-2023-49793 was published for codechecker (pip) Jun 24, 2024
Discookie vodorok
whisperity Szelethus bruntib
In the Linux kernel, the following vulnerability has been resolved: um: Add winch to... Moderate Unreviewed
CVE-2024-39292 was published Jun 24, 2024
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly... Moderate Unreviewed
CVE-2024-37233 was published Jun 24, 2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function... Moderate Unreviewed
CVE-2024-4839 was published Jun 24, 2024
ProTip! Advisories are also available from the GraphQL API