GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,988
Erlang: 29
GitHub Actions: 16
Go: 1,776
Maven: 5,000+
npm: 3,542
NuGet: 617
pip: 3,125
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
223,122 advisories
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to...
Severity: Unknown | Unreviewed | CVE-2024-41599 was published Jul 19, 2024

Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function.
Severity: Unknown | Unreviewed | CVE-2024-41281 was published Jul 19, 2024

Potential vulnerabilities have been identified in the HP Display Control software component...
Severity: Unknown | Unreviewed | CVE-2024-24970 was published Jul 19, 2024

Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via...
Severity: Unknown | Unreviewed | CVE-2024-41603 was published Jul 19, 2024

Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to...
Severity: Unknown | Unreviewed | CVE-2024-41601 was published Jul 19, 2024

Potential vulnerabilities have been identified in the HP Display Control software component...
Severity: Unknown | Unreviewed | CVE-2024-29080 was published Jul 19, 2024

A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via...
Severity: Unknown | Unreviewed | CVE-2024-41492 was published Jul 19, 2024

Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote...
Severity: Unknown | Unreviewed | CVE-2024-41600 was published Jul 19, 2024

Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote...
Severity: Unknown | Unreviewed | CVE-2024-41602 was published Jul 19, 2024

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6...
Severity: Unknown | Unreviewed | CVE-2024-39963 was published Jul 19, 2024

Information exposure in the logging system in Yugabyte Platform allows local attackers with...
Severity: Moderate | Unreviewed | CVE-2024-0006 was published Jul 19, 2024

An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a...
Severity: Unknown | Unreviewed | CVE-2024-27489 was published Jul 19, 2024

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a...
Severity: Unknown | Unreviewed | CVE-2024-39962 was published Jul 19, 2024

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate...
Severity: Moderate | Unreviewed | CVE-2024-6908 was published Jul 19, 2024

Insufficient authentication in user account management in Yugabyte Platform allows local network...
Severity: Moderate | Unreviewed | CVE-2024-6895 was published Jul 19, 2024

A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified...
Severity: Moderate | Unreviewed | CVE-2024-6907 was published Jul 19, 2024

A vulnerability was found in SourceCodester Record Management System 1.0 and classified as...
Severity: Moderate | Unreviewed | CVE-2024-6906 was published Jul 19, 2024

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222,...
Severity: Moderate | Unreviewed | CVE-2024-37066 was published Jul 19, 2024

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties...
Severity: Moderate | Unreviewed | CVE-2024-6916 was published Jul 19, 2024

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In...
Severity: Unknown | Unreviewed | CVE-2024-41107 was published Jul 19, 2024

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
Severity: Moderate | Unreviewed | CVE-2024-5977 was published Jul 19, 2024

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as...
Severity: Moderate | Unreviewed | CVE-2024-6905 was published Jul 19, 2024

The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized...
Severity: Moderate | Unreviewed | CVE-2024-6799 was published Jul 19, 2024

A vulnerability, which was classified as critical, was found in SourceCodester Record Management...
Severity: Moderate | Unreviewed | CVE-2024-6904 was published Jul 19, 2024

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If...
Severity: Unknown | Unreviewed | CVE-2024-39457 was published Jul 19, 2024
ProTip! Advisories are also available from the GraphQL API.