GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
249,130 advisories
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an...
High
Unreviewed
CVE-2024-28948
was published
Sep 27, 2024
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests...
High
Unreviewed
CVE-2024-38308
was published
Sep 27, 2024
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers...
Moderate
Unreviewed
CVE-2024-46470
was published
Sep 27, 2024
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes...
High
Unreviewed
CVE-2024-46471
was published
Sep 27, 2024
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to...
Moderate
Unreviewed
CVE-2024-46333
was published
Sep 27, 2024
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises...
High
Unreviewed
CVE-2024-6983
was published
Sep 27, 2024
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter ...
High
Unreviewed
CVE-2024-46472
was published
Sep 27, 2024
A null-dereference vulnerability involving parsing requests specifying invalid protocols can...
Moderate
Unreviewed
CVE-2024-45863
was published
Sep 27, 2024
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2024-46627
was published
Sep 26, 2024
An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code...
High
Unreviewed
CVE-2024-46441
was published
Sep 27, 2024
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks...
Moderate
Unreviewed
CVE-2024-7714
was published
Sep 27, 2024
ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect...
High
Unreviewed
CVE-2024-46331
was published
Sep 27, 2024
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information...
Moderate
Unreviewed
CVE-2024-45989
was published
Sep 26, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain...
High
Unreviewed
CVE-2024-40511
was published
Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain...
High
Unreviewed
CVE-2024-40512
was published
Sep 27, 2024
A use-after-free vulnerability involving upgradeToRocket requests can cause the application to...
High
Unreviewed
CVE-2024-45773
was published
Sep 27, 2024
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as...
Moderate
Unreviewed
CVE-2024-9082
was published
Sep 22, 2024
The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is...
Moderate
Unreviewed
CVE-2024-8052
was published
Sep 17, 2024
The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places,...
Moderate
Unreviewed
CVE-2024-8051
was published
Sep 17, 2024
The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when...
Moderate
Unreviewed
CVE-2024-8091
was published
Sep 17, 2024
The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places,...
Moderate
Unreviewed
CVE-2024-8092
was published
Sep 17, 2024
The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places,...
Moderate
Unreviewed
CVE-2024-8043
was published
Sep 17, 2024
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its...
Moderate
Unreviewed
CVE-2024-5170
was published
Sep 17, 2024
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products...
Moderate
Unreviewed
CVE-2023-4489
was published
Dec 15, 2023
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure...
Moderate
Unreviewed
CVE-2024-22473
was published
Feb 21, 2024
ProTip! Advisories are also available from the GraphQL API