Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,737 advisories

Loading
When generating the systemd service units for the docker snap (and other similar snaps), snapd... Critical Unreviewed
CVE-2020-27352 was published Jun 21, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper Critical
CVE-2023-44981 was published for org.apache.zookeeper:zookeeper (Maven) Oct 11, 2023
Prototype Pollution in minimist Critical
CVE-2021-44906 was published for minimist (npm) Mar 18, 2022
alopix ljharb
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for... Critical Unreviewed
CVE-2021-41035 was published May 24, 2022
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not... Critical Unreviewed
CVE-2023-38389 was published Jun 21, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows... Critical Unreviewed
CVE-2024-35767 was published Jun 21, 2024
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress... Critical Unreviewed
CVE-2024-5756 was published Jun 21, 2024
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape... Critical Unreviewed
CVE-2023-38316 was published Nov 17, 2023
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in... Critical Unreviewed
CVE-2023-41101 was published Nov 17, 2023
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst iFrostizz
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a... Critical Unreviewed
CVE-2022-28805 was published Apr 9, 2022
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed
CVE-2024-4098 was published Jun 20, 2024
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for... Critical Unreviewed
CVE-2024-4742 was published Jun 20, 2024
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2024-5432 was published Jun 20, 2024
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type'... Critical Unreviewed
CVE-2024-3605 was published Jun 20, 2024
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a... Critical Unreviewed
CVE-2023-39312 was published Jun 19, 2024
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server... Critical Unreviewed
CVE-2024-5021 was published Jun 19, 2024
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2024-3229 was published Jun 19, 2024
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-5853 was published Jun 19, 2024
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6... Critical Unreviewed
CVE-2024-24790 was published Jun 5, 2024
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4009 was published Jun 5, 2024
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request... Critical Unreviewed
CVE-2023-38430 was published Jul 18, 2023
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd... Critical Unreviewed
CVE-2023-38431 was published Jul 18, 2023
DeepJavaLibrary API absolute path traversal Critical
CVE-2024-37902 was published for ai.djl:api (Maven) Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API