GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
90,148 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed: CVE-2024-44003 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed: CVE-2024-43975 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed: CVE-2024-44002 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed: CVE-2024-44007 was published Sep 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed: CVE-2024-43969 was published Sep 18, 2024

Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site...
High, Unreviewed: CVE-2024-44064 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed: CVE-2024-43970 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed: CVE-2024-44009 was published Sep 18, 2024

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue....
High, Unreviewed: CVE-2024-8957 was published Sep 17, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to...
High, Unreviewed: CVE-2024-8904 was published Sep 17, 2024

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote...
High, Unreviewed: CVE-2024-8905 was published Sep 17, 2024

An improper access control vulnerability in GroupMe allows an unauthenticated attacker to...
High, Unreviewed: CVE-2024-38183 was published Sep 17, 2024

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows...
High, Unreviewed: CVE-2024-43460 was published Sep 17, 2024

There is a command injection vulnerability that may allow an attacker to inject malicious input...
High, Unreviewed: CVE-2024-45682 was published Sep 17, 2024

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network...
High, Unreviewed: CVE-2024-38813 was published Sep 17, 2024

Authenticated command injection vulnerability exists in the ArubaOS command line interface....
High, Unreviewed: CVE-2024-42502 was published Sep 17, 2024

Authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI)....
High, Unreviewed: CVE-2024-42503 was published Sep 17, 2024

An authenticated Path Traversal vulnerability exists in the ArubaOS. Successful exploitation of...
High, Unreviewed: CVE-2024-42501 was published Sep 17, 2024

Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege...
High, Unreviewed: CVE-2024-22303 was published Sep 17, 2024

Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register. This...
High, Unreviewed: CVE-2024-21743 was published Sep 17, 2024

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document...
High, Unreviewed: CVE-2024-7788 was published Sep 17, 2024

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via ...
High, Unreviewed: CVE-2024-46362 was published Sep 17, 2024

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via ...
High, Unreviewed: CVE-2024-46085 was published Sep 17, 2024

The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to,...
High, Unreviewed: CVE-2024-8761 was published Sep 17, 2024

The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions...
High, Unreviewed: CVE-2024-8490 was published Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API.