Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,434
Erlang
29
GitHub Actions
16
Go
1,660
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+

106,334 advisories

IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to... Moderate Unreviewed
CVE-2023-27283 was published May 4, 2024
The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2023-7065 was published May 4, 2024
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-1050 was published May 4, 2024
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2024-3237 was published May 4, 2024
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's... Moderate Unreviewed
CVE-2024-3868 was published May 4, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction... Moderate Unreviewed
CVE-2022-22364 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote... Moderate Unreviewed
CVE-2021-20451 was published May 3, 2024
kurwov vulnerable to Denial of Service due to improper data sanitization Moderate
CVE-2024-34075 was published for kurwov (npm) May 3, 2024
SuperchupuDev
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull Moderate
CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
Pterodactyl panel's admin area vulnerable to Cross-site Scripting Moderate
CVE-2024-34067 was published for pterodactyl/panel (Composer) May 3, 2024
TrixterTheTux matthewpi
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in... Moderate Unreviewed
CVE-2023-28952 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote... Moderate Unreviewed
CVE-2023-38724 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames... Moderate Unreviewed
CVE-2021-20556 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2023-40696 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2020-4874 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on... Moderate Unreviewed
CVE-2021-20450 was published May 3, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element Moderate
CVE-2024-34449 was published for vditor (npm) May 3, 2024
piraeus-operator allows attacker to impersonate service account Moderate
CVE-2024-33398 was published for github.com/piraeusdatastore/piraeus-operator/v2 (Go) May 3, 2024
changedetection.io Cross-site Scripting vulnerability Moderate
CVE-2024-34061 was published for changedetection.io (pip) May 3, 2024
Nguyen-Trung-Kien
An implicit intent export vulnerability was reported in the Motorola Phone application, that... Moderate Unreviewed
CVE-2023-41828 was published May 3, 2024
An improper absolute path traversal vulnerability was reported for the Ready For application... Moderate Unreviewed
CVE-2023-41830 was published May 3, 2024
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application... Moderate Unreviewed
CVE-2024-3108 was published May 3, 2024
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with... Moderate Unreviewed
CVE-2024-3109 was published May 3, 2024
A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could... Moderate Unreviewed
CVE-2023-41826 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API