GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
104,538 advisories
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2023-6673 (Moderate, Unreviewed) was published Feb 2, 2024

An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate...
CVE-2023-51820 (Moderate, Unreviewed) was published Feb 2, 2024

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE-2024-0963 (Moderate, Unreviewed) was published Feb 2, 2024

Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote...
CVE-2024-24388 (Moderate, Unreviewed) was published Feb 2, 2024

The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to...
CVE-2024-0844 (Moderate, Unreviewed) was published Feb 2, 2024

A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to...
CVE-2023-51072 (Moderate, Unreviewed) was published Feb 2, 2024

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2024-21863 (Moderate, Unreviewed) was published Feb 2, 2024

: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows...
CVE-2021-22281 (Moderate, Unreviewed) was published Feb 2, 2024

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2024-0285 (Moderate, Unreviewed) was published Feb 2, 2024

in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution...
CVE-2023-45734 (Moderate, Unreviewed) was published Feb 2, 2024

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of...
CVE-2024-1047 (Moderate, Unreviewed) was published Feb 2, 2024

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in...
CVE-2024-1162 (Moderate, Unreviewed) was published Feb 2, 2024

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
CVE-2024-1073 (Moderate, Unreviewed) was published Feb 2, 2024

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform...
CVE-2023-38263 (Moderate, Unreviewed) was published Feb 2, 2024

IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows...
CVE-2022-40744 (Moderate, Unreviewed) was published Feb 2, 2024

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate...
CVE-2023-38020 (Moderate, Unreviewed) was published Feb 2, 2024

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress...
CVE-2024-0685 (Moderate, Unreviewed) was published Feb 2, 2024

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due...
CVE-2023-32333 (Moderate, Unreviewed) was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may...
CVE-2023-50935 (Moderate, Unreviewed) was published Feb 2, 2024

A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base...
CVE-2023-46344 (Moderate, Unreviewed) was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow...
CVE-2023-50937 (Moderate, Unreviewed) was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an...
CVE-2023-50936 (Moderate, Unreviewed) was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an...
CVE-2023-50940 (Moderate, Unreviewed) was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to...
CVE-2023-50327 (Moderate, Unreviewed) was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the...
CVE-2023-50938 (Moderate, Unreviewed) was published Feb 2, 2024
ProTip! Advisories are also available from the GraphQL API.