Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,721
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
604
pip
2,996
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,536 advisories

Umbraco Forms components vulnerable to Stored Cross-site Scripting Low
CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024
silverstripe/framework sends passwords back to browsers under some circumstances Low
GHSA-vh7q-j8p5-2h4h was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled Low
GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework password encryption salt not updated Low
GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) May 27, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. Low Unreviewed
CVE-2024-29852 was published May 23, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor Low
GHSA-779c-7w4p-2c4g was published for silverstripe/admin (Composer) May 22, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
github.com/bincyber/go-sqlcrypter vulnerable to IV collision Low
GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024
Passbolt Api Retrieval of HTTP-only cookies Low
GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024
A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0... Low Unreviewed
CVE-2024-5137 was published May 20, 2024
A vulnerability classified as problematic has been found in PHPGurukul Directory Management... Low Unreviewed
CVE-2024-5136 was published May 20, 2024
random_compat Uses insecure CSPRNG Low
GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse. Low
GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer) May 17, 2024
Insecure deserialize Vulnerability in FLOW3 Low
GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) May 17, 2024
A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects... Low Unreviewed
CVE-2024-5044 was published May 17, 2024
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality... Low Unreviewed
CVE-2024-32708 was published May 17, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in... Low Unreviewed
CVE-2024-4214 was published May 17, 2024
Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows... Low Unreviewed
CVE-2024-22139 was published May 17, 2024
Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows... Low Unreviewed
CVE-2024-30480 was published May 17, 2024
Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0... Low Unreviewed
CVE-2024-22384 was published May 16, 2024
Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before... Low Unreviewed
CVE-2023-47282 was published May 16, 2024
Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an... Low Unreviewed
CVE-2023-47169 was published May 16, 2024
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an... Low Unreviewed
CVE-2023-48727 was published May 16, 2024
ProTip! Advisories are also available from the GraphQL API