Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

94,614 advisories

Loading
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality... High Unreviewed
CVE-2024-24623 was published Jul 26, 2024
Softaculous Webuzo contains a command injection in the password reset functionality. A remote,... High Unreviewed
CVE-2024-24622 was published Jul 26, 2024
There is an elevation of privilege vulnerability in server and client components of Absolute... High Unreviewed
CVE-2024-40872 was published Jul 25, 2024
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass... High Unreviewed
CVE-2024-7007 was published Jul 25, 2024
OpenAM FreeMarker template injection High
CVE-2024-41667 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jul 25, 2024
AfterSnows
Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this... High Unreviewed
CVE-2024-39672 was published Jul 25, 2024
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion... High Unreviewed
CVE-2024-6589 was published Jul 25, 2024
A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote... High Unreviewed
CVE-2024-41706 was published Jul 25, 2024
A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated... High Unreviewed
CVE-2024-41705 was published Jul 25, 2024
A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6... High Unreviewed
CVE-2024-7047 was published Jul 25, 2024
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN... High Unreviewed
CVE-2024-33519 was published Jul 24, 2024
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line... High Unreviewed
CVE-2024-41135 was published Jul 24, 2024
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line... High Unreviewed
CVE-2024-41133 was published Jul 24, 2024
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line... High Unreviewed
CVE-2024-41134 was published Jul 24, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and... High Unreviewed
CVE-2024-36541 was published Jul 24, 2024
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have... High Unreviewed
CVE-2024-31970 was published Jul 24, 2024
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could... High Unreviewed
CVE-2024-22443 was published Jul 24, 2024
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have... High Unreviewed
CVE-2024-39345 was published Jul 24, 2024
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could... High Unreviewed
CVE-2024-41914 was published Jul 24, 2024
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is... High Unreviewed
CVE-2024-6096 was published Jul 24, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2024-6756 was published Jul 24, 2024
The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... High Unreviewed
CVE-2024-6753 was published Jul 24, 2024
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification,... High Unreviewed
CVE-2024-6750 was published Jul 24, 2024
ProTip! Advisories are also available from the GraphQL API