GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,342
Composer 3,964
Erlang 29
GitHub Actions 16
Go 1,746
Maven 4,974
npm 3,507
NuGet 609
pip 3,071
Pub 10
RubyGems 832
Rust 780
Swift 34

Unreviewed advisories

All unreviewed 220,965

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

21,709 advisories

Filter by severity

Sort by

Least recently updated

Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User... Critical Unreviewed

CVE-2023-6198 was published Jun 25, 2024

XWiki programming rights may be inherited by inclusion Critical

CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP... Critical Unreviewed

CVE-2024-37228 was published Jun 24, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software... Critical Unreviewed

CVE-2024-37109 was published Jun 24, 2024

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed

CVE-2024-37091 was published Jun 24, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed

CVE-2024-37089 was published Jun 24, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM... Critical Unreviewed

CVE-2024-5683 was published Jun 24, 2024

Remote Code Execution via path traversal bypass in lollms Critical

CVE-2024-5443 was published for lollms (pip) Jun 22, 2024

When generating the systemd service units for the docker snap (and other similar snaps), snapd... Critical Unreviewed

CVE-2020-27352 was published Jun 21, 2024

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not... Critical Unreviewed

CVE-2023-38389 was published Jun 21, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows... Critical Unreviewed

CVE-2024-35767 was published Jun 21, 2024

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table... Critical Unreviewed

CVE-2023-45197 was published Jun 21, 2024

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL... Critical Unreviewed

CVE-2024-6027 was published Jun 21, 2024

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress... Critical Unreviewed

CVE-2024-5756 was published Jun 21, 2024

XWiki Platform allows remote code execution from user account Critical

CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed

CVE-2024-4098 was published Jun 20, 2024

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for... Critical Unreviewed

CVE-2024-4742 was published Jun 20, 2024

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type'... Critical Unreviewed

CVE-2024-3605 was published Jun 20, 2024

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed

CVE-2024-5432 was published Jun 20, 2024

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a... Critical Unreviewed

CVE-2023-39312 was published Jun 19, 2024

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server... Critical Unreviewed

CVE-2024-5021 was published Jun 19, 2024

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed

CVE-2024-3229 was published Jun 19, 2024

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed

CVE-2024-5853 was published Jun 19, 2024

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC... Critical Unreviewed

CVE-2024-37079 was published Jun 18, 2024

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC... Critical Unreviewed

CVE-2024-37080 was published Jun 18, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

21,709 advisories