GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,750 advisories
Filter by severity
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited...
Critical
Unreviewed
CVE-2023-33930
was published
Jun 4, 2024
** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the “setCookie” parameter...
Critical
Unreviewed
CVE-2024-29973
was published
Jun 4, 2024
** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the CGI program ...
Critical
Unreviewed
CVE-2024-29972
was published
Jun 4, 2024
** UNSUPPORTED WHEN ASSIGNED **
The remote code execution vulnerability in the CGI program ...
Critical
Unreviewed
CVE-2024-29974
was published
Jun 4, 2024
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass...
Critical
Unreviewed
CVE-2024-4552
was published
Jun 4, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
Memory corruption in Hypervisor when platform information mentioned is not aligned.
Critical
Unreviewed
CVE-2023-43556
was published
Jun 3, 2024
Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
Critical
Unreviewed
CVE-2023-43538
was published
Jun 3, 2024
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the...
Critical
Unreviewed
CVE-2023-43551
was published
Jun 3, 2024
An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical
Unreviewed
CVE-2024-5404
was published
Jun 3, 2024
DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote...
Critical
Unreviewed
CVE-2024-5311
was published
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In...
Critical
Unreviewed
CVE-2024-36391
was published
Jun 2, 2024
MileSight DeviceHub -
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path...
Critical
Unreviewed
CVE-2024-27776
was published
Jun 2, 2024
MileSight DeviceHub -
CWE-305 Missing Authentication for Critical Function
Critical
Unreviewed
CVE-2024-36388
was published
Jun 2, 2024
MileSight DeviceHub -
CWE-330 Use of Insufficiently Random Values may allow Authentication...
Critical
Unreviewed
CVE-2024-36389
was published
Jun 2, 2024
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of...
Critical
Unreviewed
CVE-2024-3200
was published
Jun 1, 2024
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for...
Critical
Unreviewed
CVE-2024-3820
was published
Jun 1, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical
Unreviewed
CVE-2024-29822
was published
May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical
Unreviewed
CVE-2024-29823
was published
May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical
Unreviewed
CVE-2024-29825
was published
May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical
Unreviewed
CVE-2024-29826
was published
May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical
Unreviewed
CVE-2024-29824
was published
May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows...
Critical
Unreviewed
CVE-2024-29827
was published
May 31, 2024
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection...
Critical
Unreviewed
CVE-2024-23692
was published
May 31, 2024
ProTip!
Advisories are also available from the
GraphQL API