GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,090
Erlang: 29
GitHub Actions: 19
Go: 1,915
Maven: 5,000+
npm: 3,646
NuGet: 638
pip: 3,262
Pub: 10
RubyGems: 870
Rust: 821
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
229,155 advisories
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated...
Severity: Moderate | Unreviewed | CVE-2024-9333 was published Oct 2, 2024
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
Severity: Unknown | Unreviewed | CVE-2024-33662 was published Oct 2, 2024
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in...
Severity: Moderate | Unreviewed | CVE-2024-21530 was published Oct 2, 2024
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Severity: Unknown | Unreviewed | CVE-2024-45186 was published Oct 2, 2024
The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Severity: High | Unreviewed | CVE-2024-7855 was published Oct 2, 2024
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient...
Severity: Unknown | Unreviewed | CVE-2024-7315 was published Oct 2, 2024
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows...
Severity: Moderate | Unreviewed | CVE-2024-9174 was published Oct 2, 2024
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via...
Severity: Moderate | Unreviewed | CVE-2024-46079 was published Oct 1, 2024
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to...
Severity: Unknown | Unreviewed | CVE-2024-31835 was published Oct 1, 2024
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated...
Severity: Moderate | Unreviewed | CVE-2024-46081 was published Oct 1, 2024
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via...
Severity: Unknown | Unreviewed | CVE-2024-46082 was published Oct 1, 2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4...
Severity: Critical | Unreviewed | CVE-2024-42514 was published Oct 1, 2024
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated...
Severity: Moderate | Unreviewed | CVE-2024-46083 was published Oct 1, 2024
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip...
Severity: Unknown | Unreviewed | CVE-2024-46080 was published Oct 1, 2024
A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the...
Severity: Unknown | Unreviewed | CVE-2024-45999 was published Oct 1, 2024
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the...
Severity: Moderate | Unreviewed | CVE-2024-9411 was published Oct 1, 2024
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip...
Severity: Unknown | Unreviewed | CVE-2024-46084 was published Oct 1, 2024
A website configured to initiate a specially crafted WebTransport session could crash the Firefox...
Severity: Unknown | Unreviewed | CVE-2024-9399 was published Oct 1, 2024
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of...
Severity: Critical | Unreviewed | CVE-2024-9402 was published Oct 1, 2024
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory...
Severity: High | Unreviewed | CVE-2024-9403 was published Oct 1, 2024
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird...
Severity: Critical | Unreviewed | CVE-2024-9401 was published Oct 1, 2024
A potential memory corruption vulnerability could be triggered if an attacker had the ability to...
Severity: High | Unreviewed | CVE-2024-9400 was published Oct 1, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under...
Severity: Unknown | Unreviewed | CVE-2024-9394 was published Oct 1, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a...
Severity: Unknown | Unreviewed | CVE-2024-9397 was published Oct 1, 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an...
Severity: Unknown | Unreviewed | CVE-2024-9398 was published Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API.