GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,810 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed...
Moderate
Unreviewed
CVE-2024-37924
was published
Aug 13, 2024
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected...
Moderate
Unreviewed
CVE-2024-7704
was published
Aug 12, 2024
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user...
High
Unreviewed
CVE-2024-7697
was published
Aug 12, 2024
The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to...
Moderate
Unreviewed
CVE-2024-7382
was published
Aug 12, 2024
The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2024-7414
was published
Aug 12, 2024
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2024-7410
was published
Aug 12, 2024
The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up...
Moderate
Unreviewed
CVE-2024-7416
was published
Aug 12, 2024
The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up...
Moderate
Unreviewed
CVE-2024-7412
was published
Aug 12, 2024
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up...
Moderate
Unreviewed
CVE-2024-7413
was published
Aug 12, 2024
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full...
Moderate
Unreviewed
CVE-2024-6562
was published
Aug 12, 2024
Dorsett Controls InfoScan is vulnerable due to a leak of possible
sensitive information through...
Moderate
Unreviewed
CVE-2024-42493
was published
Aug 8, 2024
Dorsett Controls Central Server update server has potential information
leaks with an...
Moderate
Unreviewed
CVE-2024-39287
was published
Aug 8, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17...
Moderate
Unreviewed
CVE-2024-7554
was published
Aug 8, 2024
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-6552
was published
Aug 8, 2024
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list...
Moderate
Unreviewed
CVE-2024-42222
was published
Aug 7, 2024
CloudStack account-users by default use username and password based authentication for API and UI...
High
Unreviewed
CVE-2024-42062
was published
Aug 7, 2024
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a...
Moderate
Unreviewed
CVE-2024-34788
was published
Aug 7, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to...
Critical
Unreviewed
CVE-2024-42394
was published
Aug 6, 2024
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters...
High
Unreviewed
CVE-2024-42010
was published
Aug 5, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
CVE-2023-28857
was published
for
org.apereo.cas:cas-server-support-x509-core
(Maven)
Aug 5, 2024
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable...
High
Unreviewed
CVE-2024-6331
was published
Aug 4, 2024
openstack-heat may disclose sensitive information
High
CVE-2024-7319
was published
for
openstack-heat
(pip)
Aug 2, 2024
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to,...
Moderate
Unreviewed
CVE-2024-6567
was published
Aug 2, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr...
High
Unreviewed
CVE-2024-38761
was published
Aug 2, 2024
ProTip!
Advisories are also available from the
GraphQL API