GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,575
Composer 3,992
Erlang 29
GitHub Actions 16
Go 1,782
Maven 5,014
npm 3,544
NuGet 619
pip 3,134
Pub 10
RubyGems 838
Rust 795
Swift 34

Unreviewed advisories

All unreviewed 223,690

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

22,106 advisories

Filter by severity

Sort by

Least recently updated

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user... Critical Unreviewed

CVE-2023-38051 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to... Critical Unreviewed

CVE-2023-38054 was published Jul 9, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows... Critical Unreviewed

CVE-2024-37418 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,... Critical Unreviewed

CVE-2023-38052 was published Jul 9, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site... Critical Unreviewed

CVE-2024-37420 was published Jul 9, 2024

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged... Critical Unreviewed

CVE-2023-3287 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to... Critical Unreviewed

CVE-2023-38055 was published Jul 9, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks... Critical Unreviewed

CVE-2024-37424 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to... Critical Unreviewed

CVE-2023-38053 was published Jul 9, 2024

The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed

CVE-2024-6314 was published Jul 9, 2024

The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users... Critical Unreviewed

CVE-2024-6313 was published Jul 9, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-37112 was published Jul 9, 2024

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the ... Critical Unreviewed

CVE-2024-3604 was published Jul 9, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using... Critical Unreviewed

CVE-2024-37555 was published Jul 9, 2024

An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS... Critical Unreviewed

CVE-2024-28747 was published Jul 9, 2024

An high privileged remote attacker can enable telnet access that accepts hardcoded credentials. Critical Unreviewed

CVE-2024-28751 was published Jul 9, 2024

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes,... Critical Unreviewed

CVE-2024-5488 was published Jul 9, 2024

The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all... Critical Unreviewed

CVE-2024-6365 was published Jul 9, 2024

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming... Critical Unreviewed

CVE-2024-1305 was published Jul 8, 2024

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013... Critical Unreviewed

CVE-2023-46685 was published Jul 8, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote... Critical Unreviewed

CVE-2024-27710 was published Jul 5, 2024

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute... Critical Unreviewed

CVE-2024-27709 was published Jul 5, 2024

Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed

CVE-2024-23997 was published Jul 5, 2024

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the... Critical Unreviewed

CVE-2024-37768 was published Jul 5, 2024

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via... Critical Unreviewed

CVE-2024-23998 was published Jul 5, 2024

Previous 1 2 3 4 5 6 7 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

22,106 advisories