GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 3,991
  Erlang: 29
  GitHub Actions: 16
  Go: 1,779
  Maven: 5,000+
  npm: 3,544
  NuGet: 619
  pip: 3,134
  Pub: 10
  RubyGems: 838
  Rust: 793
  Swift: 34
Unreviewed advisories
  All unreviewed: 5,000+
22,099 advisories
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset...
  Critical | Unreviewed | CVE-2024-24621 was published Jul 26, 2024
Access control vulnerability in the security verification module. Impact: Successful exploitation...
  Critical | Unreviewed | CVE-2024-39671 was published Jul 25, 2024
Remote code execution in Spring Cloud Data Flow
  Critical | CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
  Critical | Unreviewed | CVE-2024-40422 was published Jul 24, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code...
  Critical | Unreviewed | CVE-2024-6327 was published Jul 24, 2024
Remote command execution due to use of default passwords. The following products are affected:...
  Critical | Unreviewed | CVE-2023-45249 was published Jul 24, 2024
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to...
  Critical | Unreviewed | CVE-2024-38164 was published Jul 24, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability...
  Critical | Unreviewed | CVE-2024-41319 was published Jul 23, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ...
  Critical | Unreviewed | CVE-2024-6794 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that...
  Critical | Unreviewed | CVE-2024-6793 was published Jul 22, 2024
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project...
  Critical | Unreviewed | CVE-2024-6806 was published Jul 22, 2024
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to...
  Critical | Unreviewed | CVE-2024-6912 was published Jul 22, 2024
Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a...
  Critical | Unreviewed | CVE-2024-6913 was published Jul 22, 2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ...
  Critical | Unreviewed | CVE-2024-21552 was published Jul 22, 2024
Ankitects Anki arbitrary script execution vulnerability
  Critical | CVE-2024-26020 was published for anki (pip) Jul 22, 2024
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5...
  Critical | Unreviewed | CVE-2024-37998 was published Jul 22, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical | Unreviewed | CVE-2024-38773 was published Jul 22, 2024
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"...
  Critical | Unreviewed | CVE-2024-37391 was published Jul 22, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a...
  Critical | Unreviewed | CVE-2024-41704 was published Jul 22, 2024
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed...
  Critical | Unreviewed | CVE-2024-41703 was published Jul 22, 2024
D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel
  Critical | Unreviewed | CVE-2024-38437 was published Jul 21, 2024
D-Link - CWE-294: Authentication Bypass by Capture-replay
  Critical | Unreviewed | CVE-2024-38438 was published Jul 21, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of...
  Critical | Unreviewed | CVE-2024-6636 was published Jul 20, 2024
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a...
  Critical | Unreviewed | CVE-2024-6205 was published Jul 19, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical | Unreviewed | CVE-2024-0857 was published Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API.