GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,370
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,749
Maven 4,978
npm 3,509
NuGet 609
pip 3,084
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,313

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

18,799 advisories

Filter by severity

Sort by

Least recently updated

Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -. Critical Unreviewed

CVE-2024-5926 was published Jun 30, 2024

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin... Critical Unreviewed

CVE-2024-6265 was published Jun 29, 2024

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web... Critical Unreviewed

CVE-2024-5827 was published Jun 29, 2024

PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed

CVE-2024-6071 was published Jun 28, 2024

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search... Critical Unreviewed

CVE-2021-44026 was published May 24, 2022

This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed

CVE-2023-27350 was published Apr 20, 2023

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks... Critical Unreviewed

CVE-2024-2973 was published Jun 27, 2024

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS... Critical Unreviewed

CVE-2024-3330 was published Jun 27, 2024

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote... Critical Unreviewed

CVE-2024-6127 was published Jun 27, 2024

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and... Critical Unreviewed

CVE-2016-3427 was published May 13, 2022

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics... Critical Unreviewed

CVE-2024-0947 was published Jun 27, 2024

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission... Critical Unreviewed

CVE-2024-0949 was published Jun 27, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11... Critical Unreviewed

CVE-2024-5655 was published Jun 27, 2024

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL... Critical Unreviewed

CVE-2024-1839 was published Jun 26, 2024

Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed

CVE-2023-6448 was published Dec 5, 2023

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1.... Critical Unreviewed

CVE-2023-49103 was published Nov 22, 2023

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The... Critical Unreviewed

CVE-2024-33879 was published Jun 24, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -... Critical Unreviewed

CVE-2024-4228 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-37252 was published Jun 26, 2024

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability... Critical Unreviewed

CVE-2024-5181 was published Jun 26, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed

CVE-2024-4884 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in... Critical Unreviewed

CVE-2024-4883 was published Jun 25, 2024

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify... Critical Unreviewed

CVE-2024-5276 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed

CVE-2024-4885 was published Jun 25, 2024

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows... Critical Unreviewed

CVE-2024-5805 was published Jun 25, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

18,799 advisories