GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,046
Erlang: 29
GitHub Actions: 18
Go: 1,871
Maven: 5,000+
npm: 3,596
NuGet: 638
pip: 3,182
Pub: 10
RubyGems: 852
Rust: 809
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
96,469 advisories
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and...
High, Unreviewed. CVE-2024-2694 was published Aug 30, 2024

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions...
High, Unreviewed. CVE-2024-5784 was published Aug 30, 2024

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(),...
High, Unreviewed. CVE-2024-8234 was published Aug 30, 2024

6SHR system from Gether Technology does not properly validate uploaded file types, allowing...
High, Unreviewed. CVE-2024-8330 was published Aug 30, 2024

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not...
High, Unreviewed. CVE-2024-8327 was published Aug 30, 2024

6SHR system from Gether Technology does not properly validate the specific page parameter,...
High, Unreviewed. CVE-2024-8329 was published Aug 30, 2024

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an...
High, Unreviewed. CVE-2024-6672 was published Aug 30, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43921 was published Aug 29, 2024

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of...
High, Unreviewed. CVE-2024-44778 was published Aug 29, 2024

A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page...
High, Unreviewed. CVE-2024-44779 was published Aug 29, 2024

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of...
High, Unreviewed. CVE-2024-44777 was published Aug 29, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed. CVE-2024-43943 was published Aug 29, 2024

Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote...
High, Unreviewed. CVE-2024-8255 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43963 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43958 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43926 was published Aug 29, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed. CVE-2024-43965 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43948 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43950 was published Aug 29, 2024

XXE in PHPSpreadsheet encoding is returned
High. CVE-2024-45048 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High. CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024

Kirby has insufficient permission checks in the language settings
High. CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed. CVE-2024-38793 was published Aug 29, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed. CVE-2024-38693 was published Aug 29, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed. CVE-2024-39620 was published Aug 29, 2024
ProTip! Advisories are also available from the GraphQL API