Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,737 advisories

Loading
Toshiba printers use SNMP for configuration. Using the private community, it is possible to... Critical Unreviewed
CVE-2024-27143 was published Jun 14, 2024
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can... Critical Unreviewed
CVE-2024-0095 was published Jun 14, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability Critical
CVE-2024-34102 was published for magento/community-edition (Composer) Jun 13, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an... Critical Unreviewed
CVE-2024-30299 was published Jun 13, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an... Critical Unreviewed
CVE-2024-30300 was published Jun 13, 2024
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an... Critical Unreviewed
CVE-2024-34108 was published Jun 13, 2024
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products &... Critical Unreviewed
CVE-2024-4371 was published Jun 13, 2024
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all... Critical Unreviewed
CVE-2024-3922 was published Jun 13, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for org.apache.submarine:submarine-server-core (Maven) Jun 12, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Critical
CVE-2024-5389 was published for lunary (pip) Jun 10, 2024
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. Critical Unreviewed
CVE-2024-31611 was published Jun 10, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion... Critical Unreviewed
CVE-2024-32167 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3699 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-1228 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3700 was published Jun 10, 2024
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass... Critical Unreviewed
CVE-2024-37036 was published Jun 12, 2024
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-4898 was published Jun 12, 2024
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the ... Critical Unreviewed
CVE-2024-5211 was published Jun 12, 2024
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,... Critical Unreviewed
CVE-2024-35213 was published Jun 11, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
Jan path traversal vulnerability Critical
CVE-2024-36858 was published for @janhq/core (npm) Jun 4, 2024
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Critical Unreviewed
CVE-2024-36779 was published Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API