Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

22,039 advisories

Loading
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed
CVE-2024-37759 was published Jun 24, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability... Critical Unreviewed
CVE-2024-40539 was published Jul 12, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability... Critical Unreviewed
CVE-2024-40541 was published Jul 12, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability... Critical Unreviewed
CVE-2024-40542 was published Jul 12, 2024
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability... Critical Unreviewed
CVE-2024-40540 was published Jul 12, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to... Critical Unreviewed
CVE-2024-40618 was published Jul 11, 2024
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows... Critical Unreviewed
CVE-2024-4620 was published Jun 7, 2024
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With... Critical Unreviewed
CVE-2024-37870 was published Jul 9, 2024
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07... Critical Unreviewed
CVE-2023-36091 was published Jul 31, 2023
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import... Critical Unreviewed
CVE-2024-38734 was published Jul 12, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX... Critical Unreviewed
CVE-2024-38736 was published Jul 12, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-6397 was published Jul 11, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-37933 was published Jul 12, 2024
Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation... Critical Unreviewed
CVE-2024-37927 was published Jul 12, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported... Critical Unreviewed
CVE-2024-5535 was published Jun 27, 2024
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-6328 was published Jul 12, 2024
Path Traversal: '\..\filename' in aimhubio/aim Critical Unreviewed
CVE-2024-6396 was published Jul 12, 2024
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and... Critical Unreviewed
CVE-2024-4879 was published Jul 10, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington... Critical Unreviewed
CVE-2024-5217 was published Jul 10, 2024
Prototype pollution in ag-grid-community via the _.mergeDeep function Critical
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
kiril-matev
An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and... Critical Unreviewed
CVE-2024-36435 was published Jul 11, 2024
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013... Critical Unreviewed
CVE-2023-46685 was published Jul 8, 2024
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. Critical Unreviewed
CVE-2024-39071 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API