GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
18,727 advisories
Filter by severity
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass...
Critical
Unreviewed
CVE-2024-37036
was published
Jun 12, 2024
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the ...
Critical
Unreviewed
CVE-2024-5211
was published
Jun 12, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-4898
was published
Jun 12, 2024
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,...
Critical
Unreviewed
CVE-2024-35213
was published
Jun 11, 2024
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-30080
was published
Jun 11, 2024
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker...
Critical
Unreviewed
CVE-2024-2012
was published
Jun 11, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway...
Critical
Unreviewed
CVE-2024-2013
was published
Jun 11, 2024
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application...
Critical
Unreviewed
CVE-2024-36266
was published
Jun 11, 2024
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-3549
was published
Jun 11, 2024
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
Critical
Unreviewed
CVE-2024-29855
was published
Jun 11, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion...
Critical
Unreviewed
CVE-2024-32167
was published
Jun 10, 2024
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1...
Critical
Unreviewed
CVE-2024-37051
was published
Jun 10, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress...
Critical
Unreviewed
CVE-2024-35746
was published
Jun 10, 2024
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
Critical
Unreviewed
CVE-2024-31611
was published
Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-35677
was published
Jun 10, 2024
Vulnerability discovered by executing a planned security audit.
Improper Limitation of a...
Critical
Unreviewed
CVE-2024-34762
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-3699
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-1228
was published
Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-3700
was published
Jun 10, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache...
Critical
Unreviewed
CVE-2024-4577
was published
Jun 9, 2024
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager...
Critical
Unreviewed
CVE-2024-33565
was published
Jun 9, 2024
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a...
Critical
Unreviewed
CVE-2024-31244
was published
Jun 9, 2024
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via...
Critical
Unreviewed
CVE-2024-36673
was published
Jun 7, 2024
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress...
Critical
Unreviewed
CVE-2024-3592
was published
Jun 7, 2024
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its...
Critical
Unreviewed
CVE-2024-3234
was published
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API