GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,134; Erlang 29; GitHub Actions 19; Go 1,941; Maven 5,000+; npm 3,681; NuGet 650; pip 3,298; Pub 11; RubyGems 877; Rust 830; Swift 35
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
105,925 advisories
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is...
Moderate, Unreviewed. CVE-2024-31880 was published Oct 23, 2024

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53....
Moderate, Unreviewed. CVE-2022-23861 was published Oct 22, 2024

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action...
Moderate, Unreviewed. CVE-2024-46240 was published Oct 22, 2024

Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file...
Moderate, Unreviewed. CVE-2024-48708 was published Oct 22, 2024

Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack...
Moderate, Unreviewed. CVE-2024-46326 was published Oct 21, 2024

A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow...
Moderate, Unreviewed. CVE-2024-46903 was published Oct 22, 2024

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a)...
Moderate, Unreviewed. CVE-2024-48707 was published Oct 22, 2024

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action...
Moderate, Unreviewed. CVE-2024-48706 was published Oct 22, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform...
Moderate, Unreviewed. CVE-2024-20462 was published Oct 16, 2024

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33...
Moderate, Unreviewed. CVE-2024-40088 was published Oct 21, 2024

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak...
Moderate, Unreviewed. CVE-2024-40090 was published Oct 21, 2024

In the Linux kernel, the following vulnerability has been resolved: fuse: use exclusive lock...
Moderate, Unreviewed. CVE-2024-47746 was published Oct 21, 2024

In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check...
Moderate, Unreviewed. CVE-2024-47749 was published Oct 21, 2024

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix...
Moderate, Unreviewed. CVE-2024-47752 was published Oct 21, 2024

Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause...
Moderate, Unreviewed. CVE-2023-31347 was published Feb 13, 2024

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an...
Moderate, Unreviewed. CVE-2024-47485 was published Oct 18, 2024

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix...
Moderate, Unreviewed. CVE-2024-7890 was published Sep 12, 2024

A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application,...
Moderate, Unreviewed. CVE-2024-3102 was published Jun 6, 2024

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel...
Moderate, Unreviewed. CVE-2023-20579 was published Feb 13, 2024

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities...
Moderate, Unreviewed. CVE-2023-6824 was published Jan 16, 2024

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature...
Moderate, Unreviewed. CVE-2019-18792 was published May 24, 2022

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R...
Moderate, Unreviewed. CVE-2023-6815 was published Feb 13, 2024

Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a...
Moderate, Unreviewed. CVE-2013-5919 was published May 14, 2022

A vulnerability has been found in the CPython `venv` module and CLI where path names provided...
Moderate, Unreviewed. CVE-2024-9287 was published Oct 22, 2024

Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x...
Moderate, Unreviewed. CVE-2024-49210 was published Oct 22, 2024
ProTip! Advisories are also available from the GraphQL API