Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,737 advisories

Loading
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. Critical Unreviewed
CVE-2024-36675 was published Jun 5, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
Jan path traversal vulnerability Critical
CVE-2024-36858 was published for @janhq/core (npm) Jun 4, 2024
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn... Critical Unreviewed
CVE-2024-36604 was published Jun 4, 2024
Unable to generate the correct character set Critical
CVE-2024-36400 was published for nano-id (Rust) Jun 4, 2024
ciffelia
nano-id reduced entropy due to inadequate character set usage Critical
GHSA-2hfw-w739-p7x5 was published for nano-id (Rust) Jun 4, 2024
Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation... Critical Unreviewed
CVE-2024-35700 was published Jun 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks... Critical Unreviewed
CVE-2024-25600 was published Jun 4, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-33560 was published Jun 4, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2024-35629 was published Jun 4, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-34792 was published Jun 4, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-34551 was published Jun 4, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited... Critical Unreviewed
CVE-2023-33930 was published Jun 4, 2024
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter... Critical Unreviewed
CVE-2024-29973 was published Jun 4, 2024
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass... Critical Unreviewed
CVE-2024-4552 was published Jun 4, 2024
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program ... Critical Unreviewed
CVE-2024-29974 was published Jun 4, 2024
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program ... Critical Unreviewed
CVE-2024-29972 was published Jun 4, 2024
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the... Critical Unreviewed
CVE-2023-43551 was published Jun 3, 2024
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization. Critical Unreviewed
CVE-2023-43538 was published Jun 3, 2024
Memory corruption in Hypervisor when platform information mentioned is not aligned. Critical Unreviewed
CVE-2023-43556 was published Jun 3, 2024
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak... Critical Unreviewed
CVE-2024-5404 was published Jun 3, 2024
DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote... Critical Unreviewed
CVE-2024-5311 was published Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In... Critical Unreviewed
CVE-2024-36391 was published Jun 2, 2024
ProTip! Advisories are also available from the GraphQL API