Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23,047 advisories

Loading
The device enables an unauthorized attacker to execute system commands with elevated privileges.... Critical Unreviewed
CVE-2024-9166 was published Sep 26, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a... Critical Unreviewed
CVE-2024-7772 was published Sep 26, 2024
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU)... Critical Unreviewed
CVE-2024-0132 was published Sep 26, 2024
Gradio allows users to access arbitrary files Critical
GHSA-m842-4qm8-7gpq was published for gradio (pip) Sep 25, 2024
Heap-based Buffer Overflow in sqlite-vec Critical
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-4657 was published Sep 25, 2024
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard... Critical Unreviewed
CVE-2024-6592 was published Sep 25, 2024
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On... Critical Unreviewed
CVE-2024-6593 was published Sep 25, 2024
The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id... Critical Unreviewed
CVE-2024-7385 was published Sep 25, 2024
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order'... Critical Unreviewed
CVE-2024-8275 was published Sep 25, 2024
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed
CVE-2024-8514 was published Sep 25, 2024
The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word'... Critical Unreviewed
CVE-2024-8621 was published Sep 25, 2024
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an... Critical Unreviewed
CVE-2024-8878 was published Sep 25, 2024
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource... Critical Unreviewed
CVE-2024-9142 was published Sep 25, 2024
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload... Critical Unreviewed
CVE-2024-8940 was published Sep 25, 2024
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to... Critical Unreviewed
CVE-2024-46612 was published Sep 25, 2024
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input... Critical Unreviewed
CVE-2024-9148 was published Sep 25, 2024
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2024-8485 was published Sep 25, 2024
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-8436 was published Sep 25, 2024
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in... Critical Unreviewed
CVE-2024-42797 was published Sep 25, 2024
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary... Critical Unreviewed
CVE-2023-26686 was published Sep 25, 2024
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user... Critical Unreviewed
CVE-2023-26689 was published Sep 25, 2024
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a... Critical Unreviewed
CVE-2024-45066 was published Sep 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database