Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,796
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

92,797 advisories

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends High
CVE-2024-37031 was published for activeadmin (RubyGems) Jun 2, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
ip SSRF improper categorization in isPublic High
CVE-2024-29415 was published for ip (npm) Jun 2, 2024
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service High Unreviewed
CVE-2024-36390 was published Jun 2, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the ... High Unreviewed
CVE-2024-2178 was published Jun 2, 2024
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary... High Unreviewed
CVE-2024-4148 was published Jun 1, 2024
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for... High Unreviewed
CVE-2024-3821 was published Jun 1, 2024
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin... High Unreviewed
CVE-2024-4958 was published Jun 1, 2024
The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all... High Unreviewed
CVE-2024-5348 was published Jun 1, 2024
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File... High Unreviewed
CVE-2024-3564 was published Jun 1, 2024
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer... High Unreviewed
CVE-2024-5564 was published May 31, 2024
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x... High Unreviewed
CVE-2024-29848 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... High Unreviewed
CVE-2024-29830 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... High Unreviewed
CVE-2024-29846 was published May 31, 2024
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high... High Unreviewed
CVE-2023-38551 was published May 31, 2024
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote... High Unreviewed
CVE-2024-22059 was published May 31, 2024
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a... High Unreviewed
CVE-2024-22060 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... High Unreviewed
CVE-2024-29829 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... High Unreviewed
CVE-2024-29828 was published May 31, 2024
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate... High Unreviewed
CVE-2024-35142 was published May 31, 2024
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent... High Unreviewed
CVE-2024-22058 was published May 31, 2024
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate... High Unreviewed
CVE-2024-35140 was published May 31, 2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a... High Unreviewed
CVE-2023-38042 was published May 31, 2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1... High Unreviewed
CVE-2023-46810 was published May 31, 2024
ProTip! Advisories are also available from the GraphQL API