GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+): Composer 3,978; Erlang 29; GitHub Actions 16; Go 1,768; Maven 4,991; npm 3,537; NuGet 616; pip 3,107; Pub 10; RubyGems 837; Rust 786; Swift 34
Unreviewed advisories (all unreviewed: 5,000+)
22,039 advisories
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)...
Critical • Unreviewed • CVE-2024-37759 was published Jun 24, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical • Unreviewed • CVE-2024-40539 was published Jul 12, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical • Unreviewed • CVE-2024-40541 was published Jul 12, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical • Unreviewed • CVE-2024-40542 was published Jul 12, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Critical • Unreviewed • CVE-2024-40540 was published Jul 12, 2024
jsonic was discovered to contain a prototype pollution via the function empty.
Critical • CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 • withdrawn
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to...
Critical • Unreviewed • CVE-2024-40618 was published Jul 11, 2024
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows...
Critical • Unreviewed • CVE-2024-4620 was published Jun 7, 2024
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With...
Critical • Unreviewed • CVE-2024-37870 was published Jul 9, 2024
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07...
Critical • Unreviewed • CVE-2023-36091 was published Jul 31, 2023
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import...
Critical • Unreviewed • CVE-2024-38734 was published Jul 12, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX...
Critical • Unreviewed • CVE-2024-38736 was published Jul 12, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical • Unreviewed • CVE-2024-6397 was published Jul 11, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical • Unreviewed • CVE-2024-37933 was published Jul 12, 2024
Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation...
Critical • Unreviewed • CVE-2024-37927 was published Jul 12, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an...
Critical • Unreviewed • CVE-2024-38475 was published Jul 1, 2024
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported...
Critical • Unreviewed • CVE-2024-5535 was published Jun 27, 2024
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable...
Critical • Unreviewed • CVE-2024-6328 was published Jul 12, 2024
Path Traversal: '\..\filename' in aimhubio/aim
Critical • Unreviewed • CVE-2024-6396 was published Jul 12, 2024
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and...
Critical • Unreviewed • CVE-2024-4879 was published Jul 10, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington...
Critical • Unreviewed • CVE-2024-5217 was published Jul 10, 2024
Prototype pollution in ag-grid-community via the _.mergeDeep function
Critical • CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and...
Critical • Unreviewed • CVE-2024-36435 was published Jul 11, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013...
Critical • Unreviewed • CVE-2023-46685 was published Jul 8, 2024
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.
Critical • Unreviewed • CVE-2024-39071 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API.