Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

22,106 advisories

Loading
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a... Critical Unreviewed
CVE-2024-41704 was published Jul 22, 2024
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed... Critical Unreviewed
CVE-2024-41703 was published Jul 22, 2024
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel Critical Unreviewed
CVE-2024-38437 was published Jul 21, 2024
D-Link - CWE-294: Authentication Bypass by Capture-replay Critical Unreviewed
CVE-2024-38438 was published Jul 21, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of... Critical Unreviewed
CVE-2024-6636 was published Jul 20, 2024
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a... Critical Unreviewed
CVE-2024-6205 was published Jul 19, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-0857 was published Jul 18, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics... Critical Unreviewed
CVE-2024-5618 was published Jul 18, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer... Critical Unreviewed
CVE-2024-5619 was published Jul 18, 2024
1Panel has an SQL injection issue related to the orderBy clause Critical
CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024
xuebibibibibi
A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the... Critical Unreviewed
CVE-2023-4976 was published Jul 17, 2024
A vulnerability in the content scanning and message filtering features of Cisco Secure Email... Critical Unreviewed
CVE-2024-20401 was published Jul 17, 2024
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem... Critical Unreviewed
CVE-2024-20419 was published Jul 17, 2024
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected... Critical Unreviewed
CVE-2024-6834 was published Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2024-23471 was published Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This... Critical Unreviewed
CVE-2024-23472 was published Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... Critical Unreviewed
CVE-2024-23475 was published Jul 17, 2024
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access... Critical Unreviewed
CVE-2024-28074 was published Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... Critical Unreviewed
CVE-2024-23467 was published Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote... Critical Unreviewed
CVE-2024-23470 was published Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code... Critical Unreviewed
CVE-2024-23466 was published Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability.... Critical Unreviewed
CVE-2024-23469 was published Jul 17, 2024
The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2024-6220 was published Jul 17, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Critical Unreviewed
CVE-2024-21181 was published Jul 17, 2024
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
ProTip! Advisories are also available from the GraphQL API