GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,967
Erlang: 29
GitHub Actions: 16
Go: 1,748
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,073
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
21,725 advisories
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical | Unreviewed | CVE-2024-5655 was published Jun 27, 2024

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL...
Critical | Unreviewed | CVE-2024-1839 was published Jun 26, 2024

Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical | Unreviewed | CVE-2023-6448 was published Dec 5, 2023

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1....
Critical | Unreviewed | CVE-2023-49103 was published Nov 22, 2023

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The...
Critical | Unreviewed | CVE-2024-33879 was published Jun 24, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
Critical | Unreviewed | CVE-2024-4228 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-37252 was published Jun 26, 2024

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Critical | Unreviewed | CVE-2024-5181 was published Jun 26, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical | Unreviewed | CVE-2024-4884 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in...
Critical | Unreviewed | CVE-2024-4883 was published Jun 25, 2024

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical | Unreviewed | CVE-2024-5276 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical | Unreviewed | CVE-2024-4885 was published Jun 25, 2024

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows...
Critical | Unreviewed | CVE-2024-5805 was published Jun 25, 2024

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be...
Critical | Unreviewed | CVE-2024-6303 was published Jun 25, 2024

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ...
Critical | Unreviewed | CVE-2024-6028 was published Jun 25, 2024

An improper input validation vulnerability was discovered in Avaya IP Office that could allow...
Critical | Unreviewed | CVE-2024-4196 was published Jun 25, 2024

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow...
Critical | Unreviewed | CVE-2024-4197 was published Jun 25, 2024

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with...
Critical | Unreviewed | CVE-2024-6297 was published Jun 25, 2024

Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User...
Critical | Unreviewed | CVE-2023-6198 was published Jun 25, 2024

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table...
Critical | Unreviewed | CVE-2023-45197 was published Jun 21, 2024

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL...
Critical | Unreviewed | CVE-2024-6027 was published Jun 21, 2024

XWiki programming rights may be inherited by inclusion
Critical | CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024

Remote Code Execution via path traversal bypass in lollms
Critical | CVE-2024-5443 was published for lollms (pip) Jun 22, 2024

SM2 Decryption Buffer Overflow
Critical | CVE-2021-3711 was published for openssl-src (Rust) May 24, 2022

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
Critical | Unreviewed | CVE-2024-37228 was published Jun 24, 2024

ProTip! Advisories are also available from the GraphQL API.