GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
104,503 advisories
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue...
Moderate
Unreviewed
CVE-2024-1098 was published Jan 31, 2024
A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected...
Moderate
Unreviewed
CVE-2024-1099 was published Jan 31, 2024
A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low...
Moderate
Unreviewed
CVE-2023-50357 was published Jan 31, 2024
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is...
Moderate
Unreviewed
CVE-2024-0836 was published Jan 31, 2024
A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This...
Moderate
Unreviewed
CVE-2024-1012 was published Jan 31, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing...
Moderate
Unreviewed
CVE-2024-23170 was published Jan 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while...
Moderate
Unreviewed
CVE-2024-0914 was published Jan 31, 2024
The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro'...
Moderate
Unreviewed
CVE-2023-2439 was published Jan 31, 2024
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute...
Moderate
Unreviewed
CVE-2024-22569 was published Jan 31, 2024
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its...
Moderate
Unreviewed
CVE-2023-46231 was published Jan 30, 2024
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker...
Moderate
Unreviewed
CVE-2023-37518 was published Jan 30, 2024
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Moderate
Unreviewed
CVE-2024-21388 was published Jan 30, 2024
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as...
Moderate
Unreviewed
CVE-2024-1031 was published Jan 30, 2024
A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8....
Moderate
Unreviewed
CVE-2024-1033 was published Jan 30, 2024
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of...
Moderate
Unreviewed
CVE-2024-0564 was published Jan 30, 2024
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,...
Moderate
Unreviewed
CVE-2024-0674 was published Jan 30, 2024
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1...
Moderate
Unreviewed
CVE-2024-0676 was published Jan 30, 2024
Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM...
Moderate
Unreviewed
CVE-2024-0675 was published Jan 30, 2024
A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This...
Moderate
Unreviewed
CVE-2024-1030 was published Jan 30, 2024
Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars...
Moderate
Unreviewed
CVE-2024-1063 was published Jan 30, 2024
An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps...
Moderate
Unreviewed
CVE-2024-22894 was published Jan 30, 2024
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2023-7225 was published Jan 30, 2024
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC...
Moderate
Unreviewed
CVE-2023-6374 was published Jan 30, 2024
A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user...
Moderate
Unreviewed
CVE-2024-22647 was published Jan 30, 2024
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4...
Moderate
Unreviewed
CVE-2024-22648 was published Jan 30, 2024
ProTip! Advisories are also available from the GraphQL API.