Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23,060 advisories

Loading
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource... Critical Unreviewed
CVE-2024-9142 was published Sep 25, 2024
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload... Critical Unreviewed
CVE-2024-8940 was published Sep 25, 2024
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to... Critical Unreviewed
CVE-2024-46612 was published Sep 25, 2024
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input... Critical Unreviewed
CVE-2024-9148 was published Sep 25, 2024
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2024-8485 was published Sep 25, 2024
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-8436 was published Sep 25, 2024
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in... Critical Unreviewed
CVE-2024-42797 was published Sep 25, 2024
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary... Critical Unreviewed
CVE-2023-26686 was published Sep 25, 2024
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user... Critical Unreviewed
CVE-2023-26689 was published Sep 25, 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a... Critical Unreviewed
CVE-2024-45066 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42505 was published Sep 25, 2024
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full... Critical Unreviewed
CVE-2024-43692 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42506 was published Sep 25, 2024
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user... Critical Unreviewed
CVE-2024-43423 was published Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed
CVE-2024-42507 was published Sep 25, 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a... Critical Unreviewed
CVE-2024-43693 was published Sep 25, 2024
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection... Critical Unreviewed
CVE-2024-8624 was published Sep 24, 2024
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin... Critical Unreviewed
CVE-2024-8791 was published Sep 24, 2024
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-8671 was published Sep 24, 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote... Critical Unreviewed
CVE-2024-7024 was published Sep 24, 2024
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) Critical
CVE-2024-47066 was published for @lobehub/chat (npm) Sep 23, 2024
a1loy
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
A condition exists in FlashArray Purity whereby an user with array admin role can execute... Critical Unreviewed
CVE-2024-0004 was published Sep 23, 2024
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication.... Critical Unreviewed
CVE-2024-9014 was published Sep 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database