GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,750 advisories
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
Critical
Unreviewed
CVE-2024-31611
was published
Jun 10, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion...
Critical
Unreviewed
CVE-2024-32167
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-1228
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-3700
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-3699
was published
Jun 10, 2024
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass...
Critical
Unreviewed
CVE-2024-37036
was published
Jun 12, 2024
parisneo/lollms Local File Inclusion (LFI) attack
Critical
CVE-2024-4315
was published
for
lollms
(pip)
Jun 12, 2024
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the ...
Critical
Unreviewed
CVE-2024-5211
was published
Jun 12, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-4898
was published
Jun 12, 2024
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,...
Critical
Unreviewed
CVE-2024-35213
was published
Jun 11, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
Jan path traversal vulnerability
Critical
CVE-2024-36858
was published
for
@janhq/core
(npm)
Jun 4, 2024
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
Critical
Unreviewed
CVE-2024-36779
was published
Jun 6, 2024
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
Critical
Unreviewed
CVE-2024-36675
was published
Jun 5, 2024
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-30080
was published
Jun 11, 2024
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via...
Critical
Unreviewed
CVE-2024-36673
was published
Jun 7, 2024
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via...
Critical
Unreviewed
CVE-2024-4295
was published
Jun 5, 2024
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-4743
was published
Jun 5, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway...
Critical
Unreviewed
CVE-2024-2013
was published
Jun 11, 2024
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker...
Critical
Unreviewed
CVE-2024-2012
was published
Jun 11, 2024
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-21326
was published
Jan 26, 2024
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn...
Critical
Unreviewed
CVE-2024-36604
was published
Jun 4, 2024
Windows Kerberos Security Feature Bypass Vulnerability
Critical
Unreviewed
CVE-2024-20674
was published
Jan 9, 2024
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to...
Critical
Unreviewed
CVE-2023-48193
was published
Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API.