GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
22,106 advisories
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a...
Critical | Unreviewed | CVE-2024-41704 was published Jul 22, 2024

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed...
Critical | Unreviewed | CVE-2024-41703 was published Jul 22, 2024

D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel
Critical | Unreviewed | CVE-2024-38437 was published Jul 21, 2024

D-Link - CWE-294: Authentication Bypass by Capture-replay
Critical | Unreviewed | CVE-2024-38438 was published Jul 21, 2024

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of...
Critical | Unreviewed | CVE-2024-6636 was published Jul 20, 2024

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a...
Critical | Unreviewed | CVE-2024-6205 was published Jul 19, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-0857 was published Jul 18, 2024

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics...
Critical | Unreviewed | CVE-2024-5618 was published Jul 18, 2024

Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer...
Critical | Unreviewed | CVE-2024-5619 was published Jul 18, 2024

1Panel has an SQL injection issue related to the orderBy clause
Critical | CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024

A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the...
Critical | Unreviewed | CVE-2023-4976 was published Jul 17, 2024

A vulnerability in the content scanning and message filtering features of Cisco Secure Email...
Critical | Unreviewed | CVE-2024-20401 was published Jul 17, 2024

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem...
Critical | Unreviewed | CVE-2024-20419 was published Jul 17, 2024

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected...
Critical | Unreviewed | CVE-2024-6834 was published Jul 17, 2024

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution...
Critical | Unreviewed | CVE-2024-23471 was published Jul 17, 2024

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This...
Critical | Unreviewed | CVE-2024-23472 was published Jul 17, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical | Unreviewed | CVE-2024-23475 was published Jul 17, 2024

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access...
Critical | Unreviewed | CVE-2024-28074 was published Jul 17, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical | Unreviewed | CVE-2024-23467 was published Jul 17, 2024

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote...
Critical | Unreviewed | CVE-2024-23470 was published Jul 17, 2024

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code...
Critical | Unreviewed | CVE-2024-23466 was published Jul 17, 2024

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability....
Critical | Unreviewed | CVE-2024-23469 was published Jul 17, 2024

The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical | Unreviewed | CVE-2024-6220 was published Jul 17, 2024

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Critical | Unreviewed | CVE-2024-21181 was published Jul 17, 2024

Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Critical | GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
ProTip! Advisories are also available from the GraphQL API.