GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 1,998
Maven: 5,000+
npm: 3,710
NuGet: 661
pip: 3,364
Pub: 11
RubyGems: 885
Rust: 846
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
255,734 advisories
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites...
  Moderate | Unreviewed | CVE-2024-25702 was published Oct 4, 2024
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may...
  Moderate | Unreviewed | CVE-2024-8149 was published Oct 4, 2024
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1...
  Moderate | Unreviewed | CVE-2024-25691 was published Oct 4, 2024
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2, 11.1, 11.0 and 10.9...
  High | Unreviewed | CVE-2024-38040 was published Oct 4, 2024
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise...
  Moderate | Unreviewed | CVE-2024-25701 was published Oct 4, 2024
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7...
  Moderate | Unreviewed | CVE-2024-38038 was published Oct 4, 2024
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may...
  Moderate | Unreviewed | CVE-2024-38037 was published Oct 4, 2024
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7...
  Moderate | Unreviewed | CVE-2024-38036 was published Oct 4, 2024
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3...
  Low | Unreviewed | CVE-2024-8974 was published Sep 27, 2024
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before...
  Moderate | Unreviewed | CVE-2024-7692 was published Sep 2, 2024
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses...
  High | Unreviewed | CVE-2024-7713 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
  High | Unreviewed | CVE-2024-8608 was published Sep 27, 2024
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows...
  High | Unreviewed | CVE-2024-8609 was published Sep 27, 2024
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
  High | Unreviewed | CVE-2017-10271 was published May 13, 2022
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for...
  Critical | Unreviewed | CVE-2024-7950 was published Sep 4, 2024
The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back...
  Moderate | Unreviewed | CVE-2024-7354 was published Sep 2, 2024
@saltcorn/server arbitrary file zip read and download when downloading auto backups
  Moderate | GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
  Moderate | GHSA-cfqx-f43m-vfh7 was published for @saltcorn/server (npm) Oct 3, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
  High | GHSA-78p3-fwcq-62c2 was published for @saltcorn/server (npm) Oct 3, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
  High | GHSA-fm76-w8jw-xf8m was published for @saltcorn/plugins-loader (npm) Oct 3, 2024
Sentry SDK Prototype Pollution gadget in JavaScript SDKs
  Moderate | GHSA-593m-55hh-j8gv was published for @sentry/browser (npm) Oct 3, 2024
Grav File Upload Path Traversal
  High | CVE-2024-27921 was published for getgrav/grav (Composer) Mar 22, 2024
pretix Stored Cross-site Scripting vulnerability
  High | CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race...
  Moderate | Unreviewed | CVE-2024-46850 was published Sep 27, 2024
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the...
  Moderate | Unreviewed | CVE-2024-46848 was published Sep 27, 2024
ProTip! Advisories are also available from the GraphQL API