GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,799 advisories
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The...
Critical | Unreviewed | CVE-2024-33879 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
Critical | Unreviewed | CVE-2024-37228 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software...
Critical | Unreviewed | CVE-2024-37109 was published Jun 24, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-37091 was published Jun 24, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-37089 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM...
Critical | Unreviewed | CVE-2024-5683 was published Jun 24, 2024
When generating the systemd service units for the docker snap (and other similar snaps), snapd...
Critical | Unreviewed | CVE-2020-27352 was published Jun 21, 2024
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not...
Critical | Unreviewed | CVE-2023-38389 was published Jun 21, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows...
Critical | Unreviewed | CVE-2024-35767 was published Jun 21, 2024
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table...
Critical | Unreviewed | CVE-2023-45197 was published Jun 21, 2024
The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL...
Critical | Unreviewed | CVE-2024-6027 was published Jun 21, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical | Unreviewed | CVE-2024-5756 was published Jun 21, 2024
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical | Unreviewed | CVE-2024-4098 was published Jun 20, 2024
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical | Unreviewed | CVE-2024-5432 was published Jun 20, 2024
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for...
Critical | Unreviewed | CVE-2024-4742 was published Jun 20, 2024
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type'...
Critical | Unreviewed | CVE-2024-3605 was published Jun 20, 2024
Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a...
Critical | Unreviewed | CVE-2023-39312 was published Jun 19, 2024
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server...
Critical | Unreviewed | CVE-2024-5021 was published Jun 19, 2024
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2024-3229 was published Jun 19, 2024
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2024-5853 was published Jun 19, 2024
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical | Unreviewed | CVE-2024-37079 was published Jun 18, 2024
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical | Unreviewed | CVE-2024-37080 was published Jun 18, 2024
Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email...
Critical | Unreviewed | CVE-2024-6048 was published Jun 17, 2024
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality....
Critical | Unreviewed | CVE-2024-6047 was published Jun 17, 2024
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in...
Critical | Unreviewed | CVE-2024-6046 was published Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API.