GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,734 advisories
Filter by severity
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Critical
CVE-2024-5389
was published
for
lunary
(pip)
Jun 10, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache...
Critical
Unreviewed
CVE-2024-4577
was published
Jun 9, 2024
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager...
Critical
Unreviewed
CVE-2024-33565
was published
Jun 9, 2024
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a...
Critical
Unreviewed
CVE-2024-31244
was published
Jun 9, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical
GHSA-x86x-qhf8-f37w
was published
for
willdurand/js-translation-bundle
(Composer)
Jun 7, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
Critical
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical
GHSA-qf36-fx9f-232x
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework vulnerable to XXE/XEE attacks
Critical
GHSA-f4fj-q6m4-cc52
was published
for
zendframework/zend-xmlrpc
(Composer)
Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks
Critical
GHSA-qc7w-4567-84wv
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via...
Critical
Unreviewed
CVE-2024-36673
was published
Jun 7, 2024
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress...
Critical
Unreviewed
CVE-2024-3592
was published
Jun 7, 2024
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the...
Critical
Unreviewed
CVE-2024-4320
was published
Jun 6, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex...
Critical
Unreviewed
CVE-2024-3149
was published
Jun 6, 2024
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior...
Critical
Unreviewed
CVE-2024-5480
was published
Jun 6, 2024
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure...
Critical
Unreviewed
CVE-2024-5133
was published
Jun 6, 2024
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its...
Critical
Unreviewed
CVE-2024-3234
was published
Jun 6, 2024
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the...
Critical
Unreviewed
CVE-2024-3429
was published
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API