GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,809 advisories
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
Critical | Unreviewed | CVE-2024-36388 was published Jun 2, 2024

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of...
Critical | Unreviewed | CVE-2024-3200 was published Jun 1, 2024

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for...
Critical | Unreviewed | CVE-2024-3820 was published Jun 1, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical | Unreviewed | CVE-2024-29824 was published May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical | Unreviewed | CVE-2024-29827 was published May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical | Unreviewed | CVE-2024-29822 was published May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical | Unreviewed | CVE-2024-29823 was published May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical | Unreviewed | CVE-2024-29825 was published May 31, 2024

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical | Unreviewed | CVE-2024-29826 was published May 31, 2024

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection...
Critical | Unreviewed | CVE-2024-23692 was published May 31, 2024

Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t...
Critical | Unreviewed | CVE-2024-5168 was published May 23, 2024

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2024-5084 was published May 23, 2024

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise...
Critical | Unreviewed | CVE-2024-29849 was published May 23, 2024

Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2023-51637 was published May 22, 2024

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ...
Critical | Unreviewed | CVE-2024-3495 was published May 22, 2024

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local...
Critical | Unreviewed | CVE-2024-5147 was published May 22, 2024

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is...
Critical | Unreviewed | CVE-2024-4443 was published May 22, 2024

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the...
Critical | Unreviewed | CVE-2023-3943 was published May 21, 2024

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write...
Critical | Unreviewed | CVE-2023-3941 was published May 21, 2024

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical | Unreviewed | CVE-2023-3939 was published May 21, 2024

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all...
Critical | Unreviewed | CVE-2024-4442 was published May 21, 2024

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when...
Critical | Unreviewed | CVE-2024-4985 was published May 21, 2024

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the...
Critical | Unreviewed | CVE-2024-4323 was published May 20, 2024

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1...
Critical | Unreviewed | CVE-2024-3761 was published May 20, 2024

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded...
Critical | Unreviewed | CVE-2024-36080 was published May 19, 2024
ProTip! Advisories are also available from the GraphQL API.