GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,796
Erlang: 29
GitHub Actions: 16
Go: 1,713
Maven: 4,948
npm: 3,477
NuGet: 605
pip: 3,006
Pub: 10
RubyGems: 829
Rust: 774
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
92,797 advisories
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
High | CVE-2024-37031 was published for activeadmin (RubyGems) | Jun 2, 2024
Unsafe Reflection in base Component class in yiisoft/yii2
High | CVE-2024-4990 was published for yiisoft/yii2 (Composer) | Jun 2, 2024
Decompressors can crash the JVM and leak memory content in Aircompressor
High | CVE-2024-36114 was published for io.airlift:aircompressor (Maven) | Jun 2, 2024
ip SSRF improper categorization in isPublic
High | CVE-2024-29415 was published for ip (npm) | Jun 2, 2024
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
High | Unreviewed | CVE-2024-36390 was published | Jun 2, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the ...
High | Unreviewed | CVE-2024-2178 was published | Jun 2, 2024
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary...
High | Unreviewed | CVE-2024-4148 was published | Jun 1, 2024
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for...
High | Unreviewed | CVE-2024-3821 was published | Jun 1, 2024
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin...
High | Unreviewed | CVE-2024-4958 was published | Jun 1, 2024
The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all...
High | Unreviewed | CVE-2024-5348 was published | Jun 1, 2024
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File...
High | Unreviewed | CVE-2024-3564 was published | Jun 1, 2024
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer...
High | Unreviewed | CVE-2024-5564 was published | May 31, 2024
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x...
High | Unreviewed | CVE-2024-29848 was published | May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High | Unreviewed | CVE-2024-29830 was published | May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High | Unreviewed | CVE-2024-29846 was published | May 31, 2024
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high...
High | Unreviewed | CVE-2023-38551 was published | May 31, 2024
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote...
High | Unreviewed | CVE-2024-22059 was published | May 31, 2024
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a...
High | Unreviewed | CVE-2024-22060 was published | May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High | Unreviewed | CVE-2024-29829 was published | May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
High | Unreviewed | CVE-2024-29828 was published | May 31, 2024
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate...
High | Unreviewed | CVE-2024-35142 was published | May 31, 2024
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent...
High | Unreviewed | CVE-2024-22058 was published | May 31, 2024
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate...
High | Unreviewed | CVE-2024-35140 was published | May 31, 2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a...
High | Unreviewed | CVE-2023-38042 was published | May 31, 2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1...
High | Unreviewed | CVE-2023-46810 was published | May 31, 2024
ProTip! Advisories are also available from the GraphQL API.