GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
221,700 advisories
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before...
CVE-2024-33862 (severity: Unknown, Unreviewed) was published Jul 6, 2024

An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access...
CVE-2024-39182 (severity: Unknown, Unreviewed) was published Jul 6, 2024

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via...
CVE-2024-39023 (severity: Unknown, Unreviewed) was published Jul 5, 2024

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such...
CVE-2024-5753 (severity: High, Unreviewed) was published Jul 5, 2024

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http...
CVE-2024-39021 (severity: Unknown, Unreviewed) was published Jul 5, 2024

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via ...
CVE-2024-39022 (severity: Unknown, Unreviewed) was published Jul 5, 2024

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via ...
CVE-2024-39020 (severity: Unknown, Unreviewed) was published Jul 5, 2024

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via ...
CVE-2024-39019 (severity: Unknown, Unreviewed) was published Jul 5, 2024

Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0...
CVE-2024-27717 (severity: Unknown, Unreviewed) was published Jul 5, 2024

vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.
CVE-2024-39150 (severity: Unknown, Unreviewed) was published Jul 5, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
CVE-2024-27712 (severity: Unknown, Unreviewed) was published Jul 5, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
CVE-2024-27710 (severity: Unknown, Unreviewed) was published Jul 5, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
CVE-2024-27711 (severity: Unknown, Unreviewed) was published Jul 5, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
CVE-2024-27713 (severity: Unknown, Unreviewed) was published Jul 5, 2024

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access...
CVE-2024-37767 (severity: Unknown, Unreviewed) was published Jul 5, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
CVE-2024-27715 (severity: Unknown, Unreviewed) was published Jul 5, 2024

Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote...
CVE-2024-27716 (severity: Unknown, Unreviewed) was published Jul 5, 2024

A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows...
CVE-2024-39174 (severity: Unknown, Unreviewed) was published Jul 5, 2024

MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via...
CVE-2024-39178 (severity: Unknown, Unreviewed) was published Jul 5, 2024

Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via...
CVE-2024-29319 (severity: Unknown, Unreviewed) was published Jul 5, 2024

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute...
CVE-2024-27709 (severity: Unknown, Unreviewed) was published Jul 5, 2024

Best House Rental Management System v1.0 was discovered to contain an arbitrary file read...
CVE-2024-39210 (severity: Unknown, Unreviewed) was published Jul 5, 2024

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the...
CVE-2024-37768 (severity: Unknown, Unreviewed) was published Jul 5, 2024

Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
CVE-2024-23997 (severity: Unknown, Unreviewed) was published Jul 5, 2024

Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via...
CVE-2024-29318 (severity: Unknown, Unreviewed) was published Jul 5, 2024

ProTip! Advisories are also available from the GraphQL API.