GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,412
Erlang
28
GitHub Actions
16
Go
1,649
Maven
4,914
npm
3,437
NuGet
594
pip
2,682
Pub
10
RubyGems
822
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
214,337 advisories
Filter by severity
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress...
Moderate
Unreviewed
CVE-2024-2258
was published
Apr 27, 2024
The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross...
Moderate
Unreviewed
CVE-2024-2838
was published
Apr 27, 2024
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up...
Low
Unreviewed
CVE-2024-3034
was published
Apr 27, 2024
By default, SANnav OVA is shipped with root user login enabled. While protected by a password,...
Moderate
Unreviewed
CVE-2024-2859
was published
Apr 27, 2024
A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the...
High
Unreviewed
CVE-2024-4243
was published
Apr 27, 2024
A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this...
High
Unreviewed
CVE-2024-4244
was published
Apr 27, 2024
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is...
High
Unreviewed
CVE-2024-3052
was published
Apr 27, 2024
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end...
High
Unreviewed
CVE-2024-3051
was published
Apr 27, 2024
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary...
Unknown
Unreviewed
CVE-2024-31741
was published
Apr 27, 2024
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC...
Unknown
Unreviewed
CVE-2024-28322
was published
Apr 27, 2024
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105...
Unknown
Unreviewed
CVE-2024-31551
was published
Apr 27, 2024
An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an...
Unknown
Unreviewed
CVE-2024-30804
was published
Apr 27, 2024
Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary...
Unknown
Unreviewed
CVE-2024-31828
was published
Apr 27, 2024
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This...
High
Unreviewed
CVE-2024-4241
was published
Apr 26, 2024
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This...
High
Unreviewed
CVE-2024-4240
was published
Apr 26, 2024
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue...
High
Unreviewed
CVE-2024-4242
was published
Apr 26, 2024
A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this...
High
Unreviewed
CVE-2024-4239
was published
Apr 26, 2024
JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions....
Unknown
Unreviewed
CVE-2023-26603
was published
Apr 26, 2024
A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is...
High
Unreviewed
CVE-2024-4237
was published
Apr 26, 2024
A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by...
High
Unreviewed
CVE-2024-4238
was published
Apr 26, 2024
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for...
Unknown
Unreviewed
CVE-2022-48611
was published
Apr 26, 2024
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to...
Unknown
Unreviewed
CVE-2024-28325
was published
Apr 26, 2024
Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root...
Unknown
Unreviewed
CVE-2024-28326
was published
Apr 26, 2024
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to...
Unknown
Unreviewed
CVE-2024-28327
was published
Apr 26, 2024
An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate...
Unknown
Unreviewed
CVE-2024-31502
was published
Apr 26, 2024
ProTip!
Advisories are also available from the
GraphQL API