GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
104,538 advisories
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-23505 was published Jan 31, 2024

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as...
Moderate, Unreviewed. CVE-2023-5992 was published Jan 31, 2024

An integer overflow was found in the __vsyslog_internal function of the glibc library. This...
Moderate, Unreviewed. CVE-2023-6780 was published Jan 31, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color. This issue...
Moderate, Unreviewed. CVE-2024-22291 was published Jan 31, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager. This issue...
Moderate, Unreviewed. CVE-2024-22285 was published Jan 31, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress. This...
Moderate, Unreviewed. CVE-2024-22304 was published Jan 31, 2024

Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check. This issue affects WP Spell...
Moderate, Unreviewed. CVE-2024-22143 was published Jan 31, 2024

Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets,...
Moderate, Unreviewed. CVE-2024-22136 was published Jan 31, 2024

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as...
Moderate, Unreviewed. CVE-2024-1103 was published Jan 31, 2024

Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop...
Moderate, Unreviewed. CVE-2024-0589 was published Jan 31, 2024

A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low...
Moderate, Unreviewed. CVE-2023-50357 was published Jan 31, 2024

A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected...
Moderate, Unreviewed. CVE-2024-1099 was published Jan 31, 2024

A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue...
Moderate, Unreviewed. CVE-2024-1098 was published Jan 31, 2024

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing...
Moderate, Unreviewed. CVE-2024-23170 was published Jan 31, 2024

A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This...
Moderate, Unreviewed. CVE-2024-1012 was published Jan 31, 2024

The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is...
Moderate, Unreviewed. CVE-2024-0836 was published Jan 31, 2024

A timing side-channel vulnerability has been discovered in the opencryptoki package while...
Moderate, Unreviewed. CVE-2024-0914 was published Jan 31, 2024

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro'...
Moderate, Unreviewed. CVE-2023-2439 was published Jan 31, 2024

Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute...
Moderate, Unreviewed. CVE-2024-22569 was published Jan 31, 2024

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Moderate, Unreviewed. CVE-2024-21388 was published Jan 30, 2024

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its...
Moderate, Unreviewed. CVE-2023-46231 was published Jan 30, 2024

HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker...
Moderate, Unreviewed. CVE-2023-37518 was published Jan 30, 2024

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of...
Moderate, Unreviewed. CVE-2024-0564 was published Jan 30, 2024

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,...
Moderate, Unreviewed. CVE-2024-0674 was published Jan 30, 2024

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1...
Moderate, Unreviewed. CVE-2024-0676 was published Jan 30, 2024

ProTip! Advisories are also available from the GraphQL API.