GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,964
Erlang
29
GitHub Actions
16
Go
1,746
Maven
4,974
npm
3,507
NuGet
609
pip
3,071
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,709 advisories
Filter by severity
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User...
Critical
Unreviewed
CVE-2023-6198
was published
Jun 25, 2024
XWiki programming rights may be inherited by inclusion
Critical
CVE-2024-38369
was published
for
org.xwiki.platform:xwiki-platform-rendering-macro-include
(Maven)
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
Critical
Unreviewed
CVE-2024-37228
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software...
Critical
Unreviewed
CVE-2024-37109
was published
Jun 24, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical
Unreviewed
CVE-2024-37091
was published
Jun 24, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-37089
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM...
Critical
Unreviewed
CVE-2024-5683
was published
Jun 24, 2024
Remote Code Execution via path traversal bypass in lollms
Critical
CVE-2024-5443
was published
for
lollms
(pip)
Jun 22, 2024
When generating the systemd service units for the docker snap (and other similar snaps), snapd...
Critical
Unreviewed
CVE-2020-27352
was published
Jun 21, 2024
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not...
Critical
Unreviewed
CVE-2023-38389
was published
Jun 21, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows...
Critical
Unreviewed
CVE-2024-35767
was published
Jun 21, 2024
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table...
Critical
Unreviewed
CVE-2023-45197
was published
Jun 21, 2024
The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL...
Critical
Unreviewed
CVE-2024-6027
was published
Jun 21, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical
Unreviewed
CVE-2024-5756
was published
Jun 21, 2024
XWiki Platform allows remote code execution from user account
Critical
CVE-2024-37899
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 20, 2024
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical
Unreviewed
CVE-2024-4098
was published
Jun 20, 2024
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for...
Critical
Unreviewed
CVE-2024-4742
was published
Jun 20, 2024
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type'...
Critical
Unreviewed
CVE-2024-3605
was published
Jun 20, 2024
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2024-5432
was published
Jun 20, 2024
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a...
Critical
Unreviewed
CVE-2023-39312
was published
Jun 19, 2024
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server...
Critical
Unreviewed
CVE-2024-5021
was published
Jun 19, 2024
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical
Unreviewed
CVE-2024-3229
was published
Jun 19, 2024
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file...
Critical
Unreviewed
CVE-2024-5853
was published
Jun 19, 2024
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical
Unreviewed
CVE-2024-37079
was published
Jun 18, 2024
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical
Unreviewed
CVE-2024-37080
was published
Jun 18, 2024
ProTip!
Advisories are also available from the
GraphQL API