GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,978
Erlang: 29
GitHub Actions: 16
Go: 1,768
Maven: 4,991
npm: 3,537
NuGet: 616
pip: 3,107
Pub: 10
RubyGems: 837
Rust: 786
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
242,121 advisories
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding...
High, Unreviewed. CVE-2024-39542 was published Jul 11, 2024

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows...
Critical, Unreviewed. CVE-2024-4620 was published Jun 7, 2024

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating...
Moderate, Unreviewed. CVE-2024-4474 was published Jun 21, 2024

In an out-of-memory scenario an allocation could fail but free would have been called on the...
High, Unreviewed. CVE-2024-6603 was published Jul 9, 2024

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
High, Unreviewed. CVE-2024-36074 was published Jun 27, 2024

Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks,...
High, Unreviewed. CVE-2024-39171 was published Jul 9, 2024

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer...
High, Unreviewed. CVE-2023-52168 was published Jul 3, 2024

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With...
Critical, Unreviewed. CVE-2024-37870 was published Jul 9, 2024

** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07...
Critical, Unreviewed. CVE-2023-36091 was published Jul 31, 2023

Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code...
Unknown, Unreviewed. CVE-2024-40110 was published Jul 12, 2024

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an...
Moderate, Unreviewed. CVE-2024-40690 was published Jul 12, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in N...
High, Unreviewed. CVE-2024-38735 was published Jul 12, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import...
Critical, Unreviewed. CVE-2024-38734 was published Jul 12, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX...
Critical, Unreviewed. CVE-2024-38736 was published Jul 12, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High, Unreviewed. CVE-2024-38717 was published Jul 12, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate, Unreviewed. CVE-2024-38716 was published Jul 12, 2024

Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken...
Moderate, Unreviewed. CVE-2024-37405 was published Jul 12, 2024

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical, Unreviewed. CVE-2024-6397 was published Jul 11, 2024

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its...
Moderate, Unreviewed. CVE-2024-6026 was published Jul 11, 2024

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not...
Moderate, Unreviewed. CVE-2024-6138 was published Jul 11, 2024

Vulnerability in Jaspersoft JasperReport Servers. This issue affects JasperReport Servers: from 8...
High, Unreviewed. CVE-2024-3325 was published Jul 10, 2024

The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block...
Moderate, Unreviewed. CVE-2024-4655 was published Jul 11, 2024

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in...
High, Unreviewed. CVE-2024-6666 was published Jul 11, 2024

The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode...
Moderate, Unreviewed. CVE-2024-5444 was published Jul 11, 2024

SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows...
High, Unreviewed. CVE-2024-37872 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API