Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,750 advisories

Loading
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. Critical Unreviewed
CVE-2024-31611 was published Jun 10, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion... Critical Unreviewed
CVE-2024-32167 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-1228 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3700 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive... Critical Unreviewed
CVE-2024-3699 was published Jun 10, 2024
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass... Critical Unreviewed
CVE-2024-37036 was published Jun 12, 2024
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the ... Critical Unreviewed
CVE-2024-5211 was published Jun 12, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-4898 was published Jun 12, 2024
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,... Critical Unreviewed
CVE-2024-35213 was published Jun 11, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
Jan path traversal vulnerability Critical
CVE-2024-36858 was published for @janhq/core (npm) Jun 4, 2024
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Critical Unreviewed
CVE-2024-36779 was published Jun 6, 2024
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Critical Unreviewed
CVE-2024-36675 was published Jun 5, 2024
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-30080 was published Jun 11, 2024
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via... Critical Unreviewed
CVE-2024-36673 was published Jun 7, 2024
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via... Critical Unreviewed
CVE-2024-4295 was published Jun 5, 2024
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-4743 was published Jun 5, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway... Critical Unreviewed
CVE-2024-2013 was published Jun 11, 2024
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker... Critical Unreviewed
CVE-2024-2012 was published Jun 11, 2024
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21326 was published Jan 26, 2024
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn... Critical Unreviewed
CVE-2024-36604 was published Jun 4, 2024
Windows Kerberos Security Feature Bypass Vulnerability Critical Unreviewed
CVE-2024-20674 was published Jan 9, 2024
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to... Critical Unreviewed
CVE-2023-48193 was published Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API