Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

104,538 advisories

Loading
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary... Moderate Unreviewed
CVE-2023-50934 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject... Moderate Unreviewed
CVE-2023-50933 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an... Moderate Unreviewed
CVE-2023-50941 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS)... Moderate Unreviewed
CVE-2023-50962 was published Feb 2, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect... Moderate Unreviewed
CVE-2024-21794 was published Feb 2, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product... Moderate Unreviewed
CVE-2024-21866 was published Feb 2, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path... Moderate Unreviewed
CVE-2024-22096 was published Feb 2, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores... Moderate Unreviewed
CVE-2024-21869 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow... Moderate Unreviewed
CVE-2023-50939 was published Feb 2, 2024
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote... Moderate Unreviewed
CVE-2024-23034 was published Feb 2, 2024
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker... Moderate Unreviewed
CVE-2024-23032 was published Feb 2, 2024
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote... Moderate Unreviewed
CVE-2024-23031 was published Feb 2, 2024
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote... Moderate Unreviewed
CVE-2024-22927 was published Feb 2, 2024
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote... Moderate Unreviewed
CVE-2024-23033 was published Feb 2, 2024
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker... Moderate Unreviewed
CVE-2024-1040 was published Feb 2, 2024
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers... Moderate Unreviewed
CVE-2023-47256 was published Feb 2, 2024
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with... Moderate Unreviewed
CVE-2024-24945 was published Feb 1, 2024
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with... Moderate Unreviewed
CVE-2024-24041 was published Feb 1, 2024
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can... Moderate Unreviewed
CVE-2024-1167 was published Feb 1, 2024
An insertion of Sensitive Information into Log File vulnerability is affecting DELMIA Apriso... Moderate Unreviewed
CVE-2024-0935 was published Feb 1, 2024
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. Moderate Unreviewed
CVE-2024-24061 was published Feb 1, 2024
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the... Moderate Unreviewed
CVE-2024-24059 was published Feb 1, 2024
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. Moderate Unreviewed
CVE-2024-24062 was published Feb 1, 2024
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. Moderate Unreviewed
CVE-2024-24060 was published Feb 1, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2023-51520 was published Feb 1, 2024
ProTip! Advisories are also available from the GraphQL API