Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,808 advisories

Loading
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all... Moderate Unreviewed
CVE-2024-7414 was published Aug 12, 2024
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all... Moderate Unreviewed
CVE-2024-7410 was published Aug 12, 2024
The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up... Moderate Unreviewed
CVE-2024-7416 was published Aug 12, 2024
The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up... Moderate Unreviewed
CVE-2024-7412 was published Aug 12, 2024
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up... Moderate Unreviewed
CVE-2024-7413 was published Aug 12, 2024
The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to... Moderate Unreviewed
CVE-2024-7382 was published Aug 12, 2024
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full... Moderate Unreviewed
CVE-2024-6562 was published Aug 12, 2024
Microsoft Office Spoofing Vulnerability High Unreviewed
CVE-2024-38200 was published Aug 12, 2024
Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through... Moderate Unreviewed
CVE-2024-42493 was published Aug 8, 2024
Dorsett Controls Central Server update server has potential information leaks with an... Moderate Unreviewed
CVE-2024-39287 was published Aug 8, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17... Moderate Unreviewed
CVE-2024-7554 was published Aug 8, 2024
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-6552 was published Aug 8, 2024
CloudStack account-users by default use username and password based authentication for API and UI... High Unreviewed
CVE-2024-42062 was published Aug 7, 2024
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list... Moderate Unreviewed
CVE-2024-42222 was published Aug 7, 2024
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a... Moderate Unreviewed
CVE-2024-34788 was published Aug 7, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed
CVE-2024-42394 was published Aug 6, 2024
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters... High Unreviewed
CVE-2024-42010 was published Aug 5, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable... High Unreviewed
CVE-2024-6331 was published Aug 4, 2024
openstack-heat may disclose sensitive information High
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to,... Moderate Unreviewed
CVE-2024-6567 was published Aug 2, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr... High Unreviewed
CVE-2024-38761 was published Aug 2, 2024
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification Moderate
CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
ProTip! Advisories are also available from the GraphQL API