GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,434
Erlang: 29
GitHub Actions: 16
Go: 1,660
Maven: 4,922
npm: 3,450
NuGet: 594
pip: 2,840
Pub: 10
RubyGems: 823
Rust: 764
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
215,760 advisories
Alinto SOGo through 5.10.0 allows XSS during attachment preview.
Unknown
Unreviewed
CVE-2024-34462 was published May 4, 2024
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action...
Unknown
Unreviewed
CVE-2024-34469 was published May 4, 2024
ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception...
Unknown
Unreviewed
CVE-2024-34467 was published May 4, 2024
Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.
Unknown
Unreviewed
CVE-2024-34468 was published May 4, 2024
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to...
Moderate
Unreviewed
CVE-2023-27283 was published May 4, 2024
The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2023-7065 was published May 4, 2024
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized...
Moderate
Unreviewed
CVE-2024-1050 was published May 4, 2024
Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site...
Unknown
Unreviewed
CVE-2024-34461 was published May 4, 2024
The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This...
Unknown
Unreviewed
CVE-2024-34460 was published May 4, 2024
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,...
High
Unreviewed
CVE-2024-3240 was published May 4, 2024
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate
Unreviewed
CVE-2024-3237 was published May 4, 2024
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's...
Moderate
Unreviewed
CVE-2024-3868 was published May 4, 2024
Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory.
Unknown
Unreviewed
CVE-2024-34455 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which...
Moderate
Unreviewed
CVE-2023-40695 was published May 3, 2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was...
Unknown
Unreviewed
CVE-2022-33010 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction...
Moderate
Unreviewed
CVE-2022-22364 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote...
Moderate
Unreviewed
CVE-2021-20451 was published May 3, 2024
TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method...
Unknown
Unreviewed
CVE-2024-34453 was published May 3, 2024
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to...
Unknown
Unreviewed
CVE-2024-30851 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2020-4874 was published May 3, 2024
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl...
Unknown
Unreviewed
CVE-2024-33789 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on...
Moderate
Unreviewed
CVE-2021-20450 was published May 3, 2024
A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to...
Unknown
Unreviewed
CVE-2024-33793 was published May 3, 2024
A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to...
Unknown
Unreviewed
CVE-2024-33791 was published May 3, 2024
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name...
Unknown
Unreviewed
CVE-2024-31636 was published May 3, 2024