GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,737 advisories
Filter by severity
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Critical
Unreviewed
CVE-2024-5181
was published
Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2024-4884
was published
Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in...
Critical
Unreviewed
CVE-2024-4883
was published
Jun 25, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical
Unreviewed
CVE-2024-5276
was published
Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2024-4885
was published
Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows...
Critical
Unreviewed
CVE-2024-5805
was published
Jun 25, 2024
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be...
Critical
Unreviewed
CVE-2024-6303
was published
Jun 25, 2024
The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ...
Critical
Unreviewed
CVE-2024-6028
was published
Jun 25, 2024
An improper input validation vulnerability was discovered in Avaya IP Office that could allow...
Critical
Unreviewed
CVE-2024-4196
was published
Jun 25, 2024
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow...
Critical
Unreviewed
CVE-2024-4197
was published
Jun 25, 2024
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with...
Critical
Unreviewed
CVE-2024-6297
was published
Jun 25, 2024
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User...
Critical
Unreviewed
CVE-2023-6198
was published
Jun 25, 2024
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table...
Critical
Unreviewed
CVE-2023-45197
was published
Jun 21, 2024
The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL...
Critical
Unreviewed
CVE-2024-6027
was published
Jun 21, 2024
XWiki programming rights may be inherited by inclusion
Critical
CVE-2024-38369
was published
for
org.xwiki.platform:xwiki-platform-rendering-macro-include
(Maven)
Jun 24, 2024
Remote Code Execution via path traversal bypass in lollms
Critical
CVE-2024-5443
was published
for
lollms
(pip)
Jun 22, 2024
SM2 Decryption Buffer Overflow
Critical
CVE-2021-3711
was published
for
openssl-src
(Rust)
May 24, 2022
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
Critical
Unreviewed
CVE-2024-37228
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software...
Critical
Unreviewed
CVE-2024-37109
was published
Jun 24, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-37091
was published
Jun 24, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-37089
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM...
Critical
Unreviewed
CVE-2024-5683
was published
Jun 24, 2024
PyMySQL SQL Injection vulnerability
Critical
CVE-2024-36039
was published
for
pymysql
(pip)
May 21, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache...
Critical
Unreviewed
CVE-2024-4577
was published
Jun 9, 2024
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is...
Critical
Unreviewed
CVE-2023-2597
was published
May 22, 2023
ProTip!
Advisories are also available from the
GraphQL API