GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows...
Critical, Unreviewed. CVE-2024-4009 was published Jun 5, 2024

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6...
Critical, Unreviewed. CVE-2024-24790 was published Jun 5, 2024

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL...
Critical, Unreviewed. CVE-2024-4743 was published Jun 5, 2024

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via...
Critical, Unreviewed. CVE-2024-4295 was published Jun 5, 2024

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
Critical, Unreviewed. CVE-2024-36675 was published Jun 5, 2024

Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn...
Critical, Unreviewed. CVE-2024-36604 was published Jun 4, 2024

Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation...
Critical, Unreviewed. CVE-2024-35700 was published Jun 4, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks...
Critical, Unreviewed. CVE-2024-25600 was published Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical, Unreviewed. CVE-2024-33560 was published Jun 4, 2024

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical, Unreviewed. CVE-2024-34792 was published Jun 4, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical, Unreviewed. CVE-2024-34551 was published Jun 4, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical, Unreviewed. CVE-2024-35629 was published Jun 4, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited...
Critical, Unreviewed. CVE-2023-33930 was published Jun 4, 2024

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter...
Critical, Unreviewed. CVE-2024-29973 was published Jun 4, 2024

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program ...
Critical, Unreviewed. CVE-2024-29972 was published Jun 4, 2024

** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program ...
Critical, Unreviewed. CVE-2024-29974 was published Jun 4, 2024

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass...
Critical, Unreviewed. CVE-2024-4552 was published Jun 4, 2024

Memory corruption in Hypervisor when platform information mentioned is not aligned.
Critical, Unreviewed. CVE-2023-43556 was published Jun 3, 2024

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Critical, Unreviewed. CVE-2023-43538 was published Jun 3, 2024

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the...
Critical, Unreviewed. CVE-2023-43551 was published Jun 3, 2024

An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical, Unreviewed. CVE-2024-5404 was published Jun 3, 2024

DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote...
Critical, Unreviewed. CVE-2024-5311 was published Jun 3, 2024

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In...
Critical, Unreviewed. CVE-2024-36391 was published Jun 2, 2024

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path...
Critical, Unreviewed. CVE-2024-27776 was published Jun 2, 2024

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
Critical, Unreviewed. CVE-2024-36388 was published Jun 2, 2024

ProTip! Advisories are also available from the GraphQL API.