GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
97,391 advisories
Filter by severity
Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read...
High
Unreviewed
CVE-2024-8497
was published
Sep 25, 2024
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High
Unreviewed
CVE-2024-7617
was published
Sep 25, 2024
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High
Unreviewed
CVE-2024-8481
was published
Sep 25, 2024
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in...
High
Unreviewed
CVE-2024-8349
was published
Sep 25, 2024
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to...
High
Unreviewed
CVE-2024-9123
was published
Sep 25, 2024
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering...
High
Unreviewed
CVE-2024-46607
was published
Sep 25, 2024
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order'...
High
Unreviewed
CVE-2024-8484
was published
Sep 25, 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform...
High
Unreviewed
CVE-2024-9122
was published
Sep 25, 2024
Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote...
High
Unreviewed
CVE-2024-9120
was published
Sep 25, 2024
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote...
High
Unreviewed
CVE-2024-9121
was published
Sep 25, 2024
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message...
High
Unreviewed
CVE-2024-46936
was published
Sep 25, 2024
The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin...
High
Unreviewed
CVE-2024-8914
was published
Sep 25, 2024
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and...
High
Unreviewed
CVE-2024-46609
was published
Sep 25, 2024
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary...
High
Unreviewed
CVE-2023-26690
was published
Sep 25, 2024
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain...
High
Unreviewed
CVE-2023-26687
was published
Sep 25, 2024
Proxmox Virtual Environment is an open-source server management platform for enterprise...
High
Unreviewed
CVE-2024-21545
was published
Sep 25, 2024
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input
fields that are used to...
High
Unreviewed
CVE-2024-41725
was published
Sep 25, 2024
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to...
High
Unreviewed
CVE-2024-45373
was published
Sep 25, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute...
High
Unreviewed
CVE-2021-38963
was published
Sep 25, 2024
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run...
High
Unreviewed
CVE-2023-26691
was published
Sep 25, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High
CVE-2024-39928
was published
for
org.apache.linkis:linkis-engineplugin-spark
(Maven)
Sep 25, 2024
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is...
High
Unreviewed
CVE-2022-2439
was published
Sep 24, 2024
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary...
High
Unreviewed
CVE-2024-8623
was published
Sep 24, 2024
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
High
Unreviewed
CVE-2024-8795
was published
Sep 24, 2024
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote...
High
Unreviewed
CVE-2024-7023
was published
Sep 24, 2024
ProTip!
Advisories are also available from the
GraphQL API