GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,945
Erlang: 29
GitHub Actions: 16
Go: 1,731
Maven: 4,961
npm: 3,493
NuGet: 607
pip: 3,059
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
219,699 advisories
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all...
Critical
Unreviewed
CVE-2024-3922 was published Jun 13, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to...
Moderate
Unreviewed
CVE-2024-1495 was published Jun 13, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16...
Moderate
Unreviewed
CVE-2024-1963 was published Jun 13, 2024
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting...
Moderate
Unreviewed
CVE-2024-1736 was published Jun 13, 2024
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5...
Moderate
Unreviewed
CVE-2024-4201 was published Jun 13, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is...
Moderate
Unreviewed
CVE-2024-31881 was published Jun 12, 2024
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to...
Unknown
Unreviewed
CVE-2024-3467 was published Jun 12, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is...
Moderate
Unreviewed
CVE-2023-29267 was published Jun 12, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate...
Unknown
Unreviewed
CVE-2024-37665 was published Jun 12, 2024
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in...
Unknown
Unreviewed
CVE-2024-36523 was published Jun 12, 2024
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI...
Unknown
Unreviewed
CVE-2024-3468 was published Jun 12, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS...
High
Unreviewed
CVE-2024-23299 was published Jun 10, 2024
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS...
High
Unreviewed
CVE-2022-48578 was published Jun 10, 2024
The issue was addressed with improved restriction of data container access. This issue is fixed...
Moderate
Unreviewed
CVE-2023-40389 was published Jun 10, 2024
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used...
Moderate
Unreviewed
CVE-2024-31612 was published Jun 10, 2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS...
High
Unreviewed
CVE-2022-48683 was published Jun 10, 2024
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2022-32897 was published Jun 10, 2024
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
Critical
Unreviewed
CVE-2024-31611 was published Jun 10, 2024
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in...
Moderate
Unreviewed
CVE-2024-27792 was published Jun 10, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion...
Critical
Unreviewed
CVE-2024-32167 was published Jun 10, 2024
An information disclosure issue was addressed by removing the vulnerable code. This issue is...
Moderate
Unreviewed
CVE-2022-32933 was published Jun 10, 2024
Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper...
High
Unreviewed
CVE-2024-37393 was published Jun 10, 2024
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow...
High
Unreviewed
CVE-2024-5102 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-3699 was published Jun 10, 2024
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive...
Critical
Unreviewed
CVE-2024-1228 was published Jun 10, 2024
ProTip! Advisories are also available from the GraphQL API.