GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
21,737 advisories
When generating the systemd service units for the docker snap (and other similar snaps), snapd...
Critical, Unreviewed. CVE-2020-27352 was published on Jun 21, 2024.

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical. CVE-2023-44981 was published for org.apache.zookeeper:zookeeper (Maven) on Oct 11, 2023.

Prototype Pollution in minimist
Critical. CVE-2021-44906 was published for minimist (npm) on Mar 18, 2022.

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for...
Critical, Unreviewed. CVE-2021-41035 was published on May 24, 2022.

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not...
Critical, Unreviewed. CVE-2023-38389 was published on Jun 21, 2024.

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows...
Critical, Unreviewed. CVE-2024-35767 was published on Jun 21, 2024.

XWiki Platform allows remote code execution from user account
Critical. CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Jun 20, 2024.

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical, Unreviewed. CVE-2024-5756 was published on Jun 21, 2024.

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape...
Critical, Unreviewed. CVE-2023-38316 was published on Nov 17, 2023.

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in...
Critical, Unreviewed. CVE-2023-41101 was published on Nov 17, 2023.

Vyper negative array index bounds checks
Critical. CVE-2024-24563 was published for vyper (pip) on Feb 7, 2024.

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a...
Critical, Unreviewed. CVE-2022-28805 was published on Apr 9, 2022.

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical, Unreviewed. CVE-2024-4098 was published on Jun 20, 2024.

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for...
Critical, Unreviewed. CVE-2024-4742 was published on Jun 20, 2024.

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical, Unreviewed. CVE-2024-5432 was published on Jun 20, 2024.

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type'...
Critical, Unreviewed. CVE-2024-3605 was published on Jun 20, 2024.

Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a...
Critical, Unreviewed. CVE-2023-39312 was published on Jun 19, 2024.

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server...
Critical, Unreviewed. CVE-2024-5021 was published on Jun 19, 2024.

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical, Unreviewed. CVE-2024-3229 was published on Jun 19, 2024.

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file...
Critical, Unreviewed. CVE-2024-5853 was published on Jun 19, 2024.

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6...
Critical, Unreviewed. CVE-2024-24790 was published on Jun 5, 2024.

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows...
Critical, Unreviewed. CVE-2024-4009 was published on Jun 5, 2024.

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request...
Critical, Unreviewed. CVE-2023-38430 was published on Jul 18, 2023.

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd...
Critical, Unreviewed. CVE-2023-38431 was published on Jul 18, 2023.

DeepJavaLibrary API absolute path traversal
Critical. CVE-2024-37902 was published for ai.djl:api (Maven) on Jun 17, 2024.
ProTip! Advisories are also available from the GraphQL API.