Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,046
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,596
NuGet
638
pip
3,182
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

96,469 advisories

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and... High Unreviewed
CVE-2024-2694 was published Aug 30, 2024
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions... High Unreviewed
CVE-2024-5784 was published Aug 30, 2024
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(),... High Unreviewed
CVE-2024-8234 was published Aug 30, 2024
6SHR system from Gether Technology does not properly validate uploaded file types, allowing... High Unreviewed
CVE-2024-8330 was published Aug 30, 2024
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not... High Unreviewed
CVE-2024-8327 was published Aug 30, 2024
6SHR system from Gether Technology does not properly validate the specific page parameter,... High Unreviewed
CVE-2024-8329 was published Aug 30, 2024
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an... High Unreviewed
CVE-2024-6672 was published Aug 30, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43921 was published Aug 29, 2024
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of... High Unreviewed
CVE-2024-44778 was published Aug 29, 2024
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page... High Unreviewed
CVE-2024-44779 was published Aug 29, 2024
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of... High Unreviewed
CVE-2024-44777 was published Aug 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-43943 was published Aug 29, 2024
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote... High Unreviewed
CVE-2024-8255 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43963 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43958 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43926 was published Aug 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-43965 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43948 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43950 was published Aug 29, 2024
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024
bytehope
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-38793 was published Aug 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-38693 was published Aug 29, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-39620 was published Aug 29, 2024
ProTip! Advisories are also available from the GraphQL API