GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
22,106 advisories

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical, Unreviewed. CVE-2023-38051 was published Jul 9, 2024.

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to...
Critical, Unreviewed. CVE-2023-38054 was published Jul 9, 2024.

Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows...
Critical, Unreviewed. CVE-2024-37418 was published Jul 9, 2024.

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical, Unreviewed. CVE-2023-38052 was published Jul 9, 2024.

Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site...
Critical, Unreviewed. CVE-2024-37420 was published Jul 9, 2024.

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged...
Critical, Unreviewed. CVE-2023-3287 was published Jul 9, 2024.

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to...
Critical, Unreviewed. CVE-2023-38055 was published Jul 9, 2024.

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks...
Critical, Unreviewed. CVE-2024-37424 was published Jul 9, 2024.

A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to...
Critical, Unreviewed. CVE-2023-38053 was published Jul 9, 2024.

The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical, Unreviewed. CVE-2024-6314 was published Jul 9, 2024.

The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users...
Critical, Unreviewed. CVE-2024-6313 was published Jul 9, 2024.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-37112 was published Jul 9, 2024.

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the ...
Critical, Unreviewed. CVE-2024-3604 was published Jul 9, 2024.

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using...
Critical, Unreviewed. CVE-2024-37555 was published Jul 9, 2024.

An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS...
Critical, Unreviewed. CVE-2024-28747 was published Jul 9, 2024.

A high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
Critical, Unreviewed. CVE-2024-28751 was published Jul 9, 2024.

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes,...
Critical, Unreviewed. CVE-2024-5488 was published Jul 9, 2024.

The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all...
Critical, Unreviewed. CVE-2024-6365 was published Jul 9, 2024.

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming...
Critical, Unreviewed. CVE-2024-1305 was published Jul 8, 2024.

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013...
Critical, Unreviewed. CVE-2023-46685 was published Jul 8, 2024.

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
Critical, Unreviewed. CVE-2024-27710 was published Jul 5, 2024.

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute...
Critical, Unreviewed. CVE-2024-27709 was published Jul 5, 2024.

Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
Critical, Unreviewed. CVE-2024-23997 was published Jul 5, 2024.

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the...
Critical, Unreviewed. CVE-2024-37768 was published Jul 5, 2024.

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via...
Critical, Unreviewed. CVE-2024-23998 was published Jul 5, 2024.

ProTip! Advisories are also available from the GraphQL API.