GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,657
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
23,089 advisories
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order'...
Critical | Unreviewed | CVE-2024-8275 was published Sep 25, 2024

The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word'...
Critical | Unreviewed | CVE-2024-8621 was published Sep 25, 2024

External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource...
Critical | Unreviewed | CVE-2024-9142 was published Sep 25, 2024

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL...
Critical | Unreviewed | CVE-2024-8436 was published Sep 25, 2024

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload...
Critical | Unreviewed | CVE-2024-8940 was published Sep 25, 2024

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an...
Critical | Unreviewed | CVE-2024-8878 was published Sep 25, 2024

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to...
Critical | Unreviewed | CVE-2024-46612 was published Sep 25, 2024

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via...
Critical | Unreviewed | CVE-2024-8485 was published Sep 25, 2024

Mellium allows Authentication Bypass by Spoofing
Critical | CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a...
Critical | Unreviewed | CVE-2024-43693 was published Sep 25, 2024

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a...
Critical | Unreviewed | CVE-2024-45066 was published Sep 25, 2024

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user...
Critical | Unreviewed | CVE-2024-43423 was published Sep 25, 2024

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary...
Critical | Unreviewed | CVE-2023-26686 was published Sep 25, 2024

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in...
Critical | Unreviewed | CVE-2024-42797 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical | Unreviewed | CVE-2024-42505 was published Sep 25, 2024

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user...
Critical | Unreviewed | CVE-2023-26689 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical | Unreviewed | CVE-2024-42506 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical | Unreviewed | CVE-2024-42507 was published Sep 25, 2024

An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full...
Critical | Unreviewed | CVE-2024-43692 was published Sep 25, 2024

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file...
Critical | Unreviewed | CVE-2024-8671 was published Sep 24, 2024

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin...
Critical | Unreviewed | CVE-2024-8791 was published Sep 24, 2024

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection...
Critical | Unreviewed | CVE-2024-8624 was published Sep 24, 2024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote...
Critical | Unreviewed | CVE-2024-7024 was published Sep 24, 2024

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via...
Critical | Unreviewed | CVE-2024-47222 was published Sep 23, 2024

DataEase's H2 datasource has a remote command execution risk
Critical | CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
ProTip! Advisories are also available from the GraphQL API.