GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
94,614 advisories
Filter by severity
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality...
High
Unreviewed
CVE-2024-24623
was published
Jul 26, 2024
Softaculous Webuzo contains a command injection in the password reset functionality. A remote,...
High
Unreviewed
CVE-2024-24622
was published
Jul 26, 2024
There is an elevation of privilege vulnerability in server
and client components of Absolute...
High
Unreviewed
CVE-2024-40872
was published
Jul 25, 2024
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass...
High
Unreviewed
CVE-2024-7007
was published
Jul 25, 2024
OpenAM FreeMarker template injection
High
CVE-2024-41667
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jul 25, 2024
Memory request logic vulnerability in the memory module.
Impact: Successful exploitation of this...
High
Unreviewed
CVE-2024-39672
was published
Jul 25, 2024
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion...
High
Unreviewed
CVE-2024-6589
was published
Jul 25, 2024
A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote...
High
Unreviewed
CVE-2024-41706
was published
Jul 25, 2024
A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated...
High
Unreviewed
CVE-2024-41705
was published
Jul 25, 2024
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6...
High
Unreviewed
CVE-2024-7047
was published
Jul 25, 2024
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN...
High
Unreviewed
CVE-2024-33519
was published
Jul 24, 2024
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line...
High
Unreviewed
CVE-2024-41135
was published
Jul 24, 2024
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line...
High
Unreviewed
CVE-2024-41133
was published
Jul 24, 2024
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line...
High
Unreviewed
CVE-2024-41134
was published
Jul 24, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
High
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and...
High
Unreviewed
CVE-2024-36541
was published
Jul 24, 2024
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have...
High
Unreviewed
CVE-2024-31970
was published
Jul 24, 2024
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could...
High
Unreviewed
CVE-2024-22443
was published
Jul 24, 2024
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have...
High
Unreviewed
CVE-2024-39345
was published
Jul 24, 2024
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could...
High
Unreviewed
CVE-2024-41914
was published
Jul 24, 2024
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is...
High
Unreviewed
CVE-2024-6096
was published
Jul 24, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information
High
CVE-2024-39676
was published
for
org.apache.pinot:pinot-controller
(Maven)
Jul 24, 2024
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to...
High
Unreviewed
CVE-2024-6756
was published
Jul 24, 2024
The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High
Unreviewed
CVE-2024-6753
was published
Jul 24, 2024
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification,...
High
Unreviewed
CVE-2024-6750
was published
Jul 24, 2024
ProTip!
Advisories are also available from the
GraphQL API