GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
104,538 advisories
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject...
Moderate | Unreviewed | CVE-2023-50933 was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an...
Moderate | Unreviewed | CVE-2023-50941 was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to...
Moderate | Unreviewed | CVE-2023-50327 was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS)...
Moderate | Unreviewed | CVE-2023-50962 was published Feb 2, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect...
Moderate | Unreviewed | CVE-2024-21794 was published Feb 2, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product...
Moderate | Unreviewed | CVE-2024-21866 was published Feb 2, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path...
Moderate | Unreviewed | CVE-2024-22096 was published Feb 2, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores...
Moderate | Unreviewed | CVE-2024-21869 was published Feb 2, 2024

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow...
Moderate | Unreviewed | CVE-2023-50939 was published Feb 2, 2024

Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote...
Moderate | Unreviewed | CVE-2024-23034 was published Feb 2, 2024

Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker...
Moderate | Unreviewed | CVE-2024-23032 was published Feb 2, 2024

Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote...
Moderate | Unreviewed | CVE-2024-23031 was published Feb 2, 2024

Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote...
Moderate | Unreviewed | CVE-2024-22927 was published Feb 2, 2024

Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote...
Moderate | Unreviewed | CVE-2024-23033 was published Feb 2, 2024

Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker...
Moderate | Unreviewed | CVE-2024-1040 was published Feb 2, 2024

ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers...
Moderate | Unreviewed | CVE-2023-47256 was published Feb 2, 2024

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with...
Moderate | Unreviewed | CVE-2024-24945 was published Feb 1, 2024

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with...
Moderate | Unreviewed | CVE-2024-24041 was published Feb 1, 2024

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can...
Moderate | Unreviewed | CVE-2024-1167 was published Feb 1, 2024

An insertion of Sensitive Information into Log File vulnerability is affecting DELMIA Apriso...
Moderate | Unreviewed | CVE-2024-0935 was published Feb 1, 2024

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.
Moderate | Unreviewed | CVE-2024-24062 was published Feb 1, 2024

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.
Moderate | Unreviewed | CVE-2024-24060 was published Feb 1, 2024

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the...
Moderate | Unreviewed | CVE-2024-24059 was published Feb 1, 2024

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.
Moderate | Unreviewed | CVE-2024-24061 was published Feb 1, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2023-51520 was published Feb 1, 2024
ProTip! Advisories are also available from the GraphQL API.