GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,750 advisories
Filter by severity
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application...
Critical
Unreviewed
CVE-2024-36266
was published
Jun 11, 2024
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-3549
was published
Jun 11, 2024
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Critical
Unreviewed
CVE-2023-44373
was published
Nov 14, 2023
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
Critical
Unreviewed
CVE-2024-29855
was published
Jun 11, 2024
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution...
Critical
Unreviewed
CVE-2023-41913
was published
Dec 7, 2023
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2024-35629
was published
Jun 4, 2024
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection
Critical
CVE-2021-43350
was published
for
github.com/apache/trafficcontrol
(Go)
May 24, 2022
Rancher Recreates Default User With Known Password Despite Deletion
Critical
CVE-2019-11202
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c...
Critical
Unreviewed
CVE-2023-47212
was published
May 1, 2024
Duplicate Advisory: SQL injection in pgjdbc
Critical
GHSA-xfg6-62px-cxc2
was published
for
org.postgresql:postgresql
(Maven)
Feb 19, 2024
•
withdrawn
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1...
Critical
Unreviewed
CVE-2024-37051
was published
Jun 10, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress...
Critical
Unreviewed
CVE-2024-35746
was published
Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-35677
was published
Jun 10, 2024
Vulnerability discovered by executing a planned security audit.
Improper Limitation of a...
Critical
Unreviewed
CVE-2024-34762
was published
Jun 10, 2024
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who...
Critical
Unreviewed
CVE-2024-4671
was published
May 14, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager...
Critical
Unreviewed
CVE-2024-33565
was published
Jun 9, 2024
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a...
Critical
Unreviewed
CVE-2024-31244
was published
Jun 9, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical
GHSA-x86x-qhf8-f37w
was published
for
willdurand/js-translation-bundle
(Composer)
Jun 7, 2024
ebookmeta XML External Entity vulnerability
Critical
CVE-2024-37388
was published
for
ebookmeta
(pip)
Jun 7, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API