GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,721
Erlang: 29
GitHub Actions: 16
Go: 1,709
Maven: 4,946
npm: 3,474
NuGet: 604
pip: 2,996
Pub: 10
RubyGems: 828
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
10,536 advisories
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Low. CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024

silverstripe/framework sends passwords back to browsers under some circumstances
Low. GHSA-vh7q-j8p5-2h4h was published for silverstripe/framework (Composer) May 27, 2024

silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low. GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024

silverstripe/framework password encryption salt not updated
Low. GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) May 27, 2024

github.com/huandu/facebook may expose access_token in error message.
Low. CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024

vxe-table Cross-site Scripting vulnerability
Low. CVE-2023-1001 was published for vxe-table (npm) May 24, 2024

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
Low. Unreviewed. CVE-2024-29852 was published May 23, 2024

Silverstripe admin XSS Vulnerability via WYSIWYG editor
Low. GHSA-779c-7w4p-2c4g was published for silverstripe/admin (Composer) May 22, 2024

vantage6 collaboration admins can extend their influence by expanding the collaboration
Low. CVE-2024-32969 was published for vantage6 (pip) May 22, 2024

github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Low. GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024

Passbolt Api Retrieval of HTTP-only cookies
Low. GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024

A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0...
Low. Unreviewed. CVE-2024-5137 was published May 20, 2024

A vulnerability classified as problematic has been found in PHPGurukul Directory Management...
Low. Unreviewed. CVE-2024-5136 was published May 20, 2024

random_compat Uses insecure CSPRNG
Low. GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024

onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Low. GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer) May 17, 2024

Insecure deserialize Vulnerability in FLOW3
Low. GHSA-7h74-7vcw-4mwp was published for neos/flow (Composer) May 17, 2024

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects...
Low. Unreviewed. CVE-2024-5044 was published May 17, 2024

Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality...
Low. Unreviewed. CVE-2024-32708 was published May 17, 2024

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in...
Low. Unreviewed. CVE-2024-4214 was published May 17, 2024

Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows...
Low. Unreviewed. CVE-2024-22139 was published May 17, 2024

Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows...
Low. Unreviewed. CVE-2024-30480 was published May 17, 2024

Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0...
Low. Unreviewed. CVE-2024-22384 was published May 16, 2024

Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before...
Low. Unreviewed. CVE-2023-47282 was published May 16, 2024

Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an...
Low. Unreviewed. CVE-2023-47169 was published May 16, 2024

NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an...
Low. Unreviewed. CVE-2023-48727 was published May 16, 2024
ProTip! Advisories are also available from the GraphQL API