GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,434
Erlang: 29
GitHub Actions: 16
Go: 1,660
Maven: 4,922
npm: 3,450
NuGet: 594
pip: 2,840
Pub: 10
RubyGems: 823
Rust: 764
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
106,334 advisories
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to...
Moderate | Unreviewed | CVE-2023-27283 was published May 4, 2024
The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2023-7065 was published May 4, 2024
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2024-1050 was published May 4, 2024
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2024-3237 was published May 4, 2024
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's...
Moderate | Unreviewed | CVE-2024-3868 was published May 4, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which...
Moderate | Unreviewed | CVE-2023-40695 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction...
Moderate | Unreviewed | CVE-2022-22364 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote...
Moderate | Unreviewed | CVE-2021-20451 was published May 3, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization
Moderate | CVE-2024-34075 was published for kurwov (npm) May 3, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate | CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Moderate | CVE-2024-34067 was published for pterodactyl/panel (Composer) May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in...
Moderate | Unreviewed | CVE-2023-28952 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote...
Moderate | Unreviewed | CVE-2023-38724 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames...
Moderate | Unreviewed | CVE-2021-20556 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic...
Moderate | Unreviewed | CVE-2023-40696 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic...
Moderate | Unreviewed | CVE-2020-4874 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on...
Moderate | Unreviewed | CVE-2021-20450 was published May 3, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate | CVE-2024-34449 was published for vditor (npm) May 3, 2024
piraeus-operator allows attacker to impersonate service account
Moderate | CVE-2024-33398 was published for github.com/piraeusdatastore/piraeus-operator/v2 (Go) May 3, 2024
changedetection.io Cross-site Scripting vulnerability
Moderate | CVE-2024-34061 was published for changedetection.io (pip) May 3, 2024
An implicit intent export vulnerability was reported in the Motorola Phone application, that...
Moderate | Unreviewed | CVE-2023-41828 was published May 3, 2024
An improper absolute path traversal vulnerability was reported for the Ready For application...
Moderate | Unreviewed | CVE-2023-41830 was published May 3, 2024
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application...
Moderate | Unreviewed | CVE-2024-3108 was published May 3, 2024
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with...
Moderate | Unreviewed | CVE-2024-3109 was published May 3, 2024
A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could...
Moderate | Unreviewed | CVE-2023-41826 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API.