Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,434
Erlang
29
GitHub Actions
16
Go
1,660
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

215,760 advisories

Alinto SOGo through 5.10.0 allows XSS during attachment preview. Unknown Unreviewed
CVE-2024-34462 was published May 4, 2024
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action... Unknown Unreviewed
CVE-2024-34469 was published May 4, 2024
ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception... Unknown Unreviewed
CVE-2024-34467 was published May 4, 2024
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. Unknown Unreviewed
CVE-2024-34468 was published May 4, 2024
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to... Moderate Unreviewed
CVE-2023-27283 was published May 4, 2024
The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2023-7065 was published May 4, 2024
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-1050 was published May 4, 2024
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site... Unknown Unreviewed
CVE-2024-34461 was published May 4, 2024
The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This... Unknown Unreviewed
CVE-2024-34460 was published May 4, 2024
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,... High Unreviewed
CVE-2024-3240 was published May 4, 2024
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2024-3237 was published May 4, 2024
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's... Moderate Unreviewed
CVE-2024-3868 was published May 4, 2024
Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. Unknown Unreviewed
CVE-2024-34455 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which... Moderate Unreviewed
CVE-2023-40695 was published May 3, 2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was... Unknown Unreviewed
CVE-2022-33010 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction... Moderate Unreviewed
CVE-2022-22364 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote... Moderate Unreviewed
CVE-2021-20451 was published May 3, 2024
TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method... Unknown Unreviewed
CVE-2024-34453 was published May 3, 2024
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to... Unknown Unreviewed
CVE-2024-30851 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2020-4874 was published May 3, 2024
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl... Unknown Unreviewed
CVE-2024-33789 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on... Moderate Unreviewed
CVE-2021-20450 was published May 3, 2024
A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to... Unknown Unreviewed
CVE-2024-33793 was published May 3, 2024
A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to... Unknown Unreviewed
CVE-2024-33791 was published May 3, 2024
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name... Unknown Unreviewed
CVE-2024-31636 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API