GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,701 advisories
Filter by severity
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3033
was published
Jun 6, 2024
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal,...
Critical
Unreviewed
CVE-2024-5675
was published
Jun 6, 2024
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
Critical
Unreviewed
CVE-2024-36779
was published
Jun 6, 2024
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL...
Critical
Unreviewed
CVE-2024-36393
was published
Jun 6, 2024
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-36394
was published
Jun 6, 2024
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all...
Critical
Unreviewed
CVE-2024-5153
was published
Jun 6, 2024
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows...
Critical
Unreviewed
CVE-2024-4008
was published
Jun 5, 2024
Replay Attack
in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows...
Critical
Unreviewed
CVE-2024-4009
was published
Jun 5, 2024
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6...
Critical
Unreviewed
CVE-2024-24790
was published
Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS
Critical
GHSA-67wg-6j7r-mqh8
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Missing Access Check in TYPO3 CMS
Critical
GHSA-gwfx-p7mr-f92v
was published
for
typo3/cms
(Composer)
Jun 5, 2024
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-4743
was published
Jun 5, 2024
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via...
Critical
Unreviewed
CVE-2024-4295
was published
Jun 5, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery
Critical
CVE-2024-5262
was published
for
github.com/projectdiscovery/interactsh
(Go)
Jun 5, 2024
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
Critical
Unreviewed
CVE-2024-36675
was published
Jun 5, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn...
Critical
Unreviewed
CVE-2024-36604
was published
Jun 4, 2024
Jan path traversal vulnerability
Critical
CVE-2024-36858
was published
for
@janhq/core
(npm)
Jun 4, 2024
Unable to generate the correct character set
Critical
CVE-2024-36400
was published
for
nano-id
(Rust)
Jun 4, 2024
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation...
Critical
Unreviewed
CVE-2024-35700
was published
Jun 4, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-33560
was published
Jun 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks...
Critical
Unreviewed
CVE-2024-25600
was published
Jun 4, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-34551
was published
Jun 4, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2024-35629
was published
Jun 4, 2024
ProTip!
Advisories are also available from the
GraphQL API