GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
18,799 advisories
Filter by severity
Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -.
Critical
Unreviewed
CVE-2024-5926
was published
Jun 30, 2024
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin...
Critical
Unreviewed
CVE-2024-6265
was published
Jun 29, 2024
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web...
Critical
Unreviewed
CVE-2024-5827
was published
Jun 29, 2024
PTC Creo Elements/Direct License Server exposes a web interface which can be used by...
Critical
Unreviewed
CVE-2024-6071
was published
Jun 28, 2024
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search...
Critical
Unreviewed
CVE-2021-44026
was published
May 24, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2023-27350
was published
Apr 20, 2023
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks...
Critical
Unreviewed
CVE-2024-2973
was published
Jun 27, 2024
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS...
Critical
Unreviewed
CVE-2024-3330
was published
Jun 27, 2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote...
Critical
Unreviewed
CVE-2024-6127
was published
Jun 27, 2024
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and...
Critical
Unreviewed
CVE-2016-3427
was published
May 13, 2022
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics...
Critical
Unreviewed
CVE-2024-0947
was published
Jun 27, 2024
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission...
Critical
Unreviewed
CVE-2024-0949
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical
Unreviewed
CVE-2024-5655
was published
Jun 27, 2024
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL...
Critical
Unreviewed
CVE-2024-1839
was published
Jun 26, 2024
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical
Unreviewed
CVE-2023-6448
was published
Dec 5, 2023
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1....
Critical
Unreviewed
CVE-2023-49103
was published
Nov 22, 2023
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The...
Critical
Unreviewed
CVE-2024-33879
was published
Jun 24, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
Critical
Unreviewed
CVE-2024-4228
was published
Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-37252
was published
Jun 26, 2024
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Critical
Unreviewed
CVE-2024-5181
was published
Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2024-4884
was published
Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in...
Critical
Unreviewed
CVE-2024-4883
was published
Jun 25, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical
Unreviewed
CVE-2024-5276
was published
Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2024-4885
was published
Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows...
Critical
Unreviewed
CVE-2024-5805
was published
Jun 25, 2024
ProTip!
Advisories are also available from the
GraphQL API