GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,247
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
792 advisories
A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected...
Moderate | Unreviewed | CVE-2024-9006 was published Sep 20, 2024

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7....
Moderate | Unreviewed | CVE-2024-8880 was published Sep 16, 2024

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code....
Moderate | Unreviewed | CVE-2023-39333 was published Sep 7, 2024

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue...
Moderate | Unreviewed | CVE-2024-8523 was published Sep 7, 2024

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly...
Moderate | Unreviewed | CVE-2024-6923 was published Aug 1, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc....
Moderate | Unreviewed | CVE-2024-43922 was published Aug 29, 2024

An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious...
Moderate | Unreviewed | CVE-2023-43301 was published Dec 7, 2023

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (...
Moderate | Unreviewed | CVE-2023-31296 was published Dec 29, 2023

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability...
Moderate | Unreviewed | CVE-2023-50810 was published Aug 12, 2024

An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3...
Moderate | Unreviewed | CVE-2024-41304 was published Jul 30, 2024

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that...
Moderate | Unreviewed | CVE-2024-42598 was published Aug 20, 2024

Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote...
Moderate | Unreviewed | CVE-2024-30845 was published Apr 12, 2024

A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue...
Moderate | Unreviewed | CVE-2024-7899 was published Aug 17, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table...
Moderate | Unreviewed | CVE-2024-43128 was published Aug 13, 2024

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway...
Moderate | Unreviewed | CVE-2024-37382 was published Aug 8, 2024

Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to...
Moderate | Unreviewed | CVE-2024-31648 was published Apr 15, 2024

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert...
Moderate | Unreviewed | CVE-2024-29209 was published May 7, 2024

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to...
Moderate | Unreviewed | CVE-2024-3958 was published Aug 8, 2024

A user with administrative privileges can create a compromised dll file of the same name as the...
Moderate | Unreviewed | CVE-2024-2209 was published Mar 27, 2024

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload...
Moderate | Unreviewed | CVE-2024-22724 was published Mar 21, 2024

A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing...
Moderate | Unreviewed | CVE-2024-27627 was published Mar 5, 2024

An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the...
Moderate | Unreviewed | CVE-2024-25359 was published Mar 21, 2024

Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken...
Moderate | Unreviewed | CVE-2024-37405 was published Jul 12, 2024

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute...
Moderate | Unreviewed | CVE-2023-26877 was published Jun 26, 2024

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function...
Moderate | Unreviewed | CVE-2024-39002 was published Jul 1, 2024

ProTip! Advisories are also available from the GraphQL API.