GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,024 advisories
Filter by severity
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical
Unreviewed
CVE-2024-8353
was published
Sep 28, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
Critical
Unreviewed
CVE-2024-46367
was published
Sep 27, 2024
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI...
Critical
Unreviewed
CVE-2023-39213
was published
Aug 9, 2023
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an...
Critical
Unreviewed
CVE-2023-39216
was published
Aug 8, 2023
OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the...
Critical
Unreviewed
CVE-2024-8310
was published
Sep 27, 2024
OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform...
Critical
Unreviewed
CVE-2024-6981
was published
Sep 27, 2024
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete...
Critical
Unreviewed
CVE-2024-8630
was published
Sep 27, 2024
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western...
Critical
Unreviewed
CVE-2024-22170
was published
Sep 27, 2024
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands...
Critical
Unreviewed
CVE-2024-46627
was published
Sep 26, 2024
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and...
Critical
Unreviewed
CVE-2024-6386
was published
Aug 21, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-3373
was published
Sep 27, 2024
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp...
Critical
Unreviewed
CVE-2024-8644
was published
Sep 27, 2024
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking...
Critical
Unreviewed
CVE-2024-8643
was published
Sep 27, 2024
TouchLink packets processed after timeout or out of range due to Operation on a Resource after...
Critical
Unreviewed
CVE-2023-41094
was published
Oct 4, 2023
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser...
Critical
Unreviewed
CVE-2024-34026
was published
Sep 18, 2024
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive...
Critical
Unreviewed
CVE-2024-47088
was published
Sep 19, 2024
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an...
Critical
Unreviewed
CVE-2024-22127
was published
Mar 12, 2024
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9...
Critical
Unreviewed
CVE-2023-37759
was published
Sep 8, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-5958
was published
Sep 18, 2024
The device enables an unauthorized attacker to execute system commands with elevated privileges....
Critical
Unreviewed
CVE-2024-9166
was published
Sep 26, 2024
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in...
Critical
Unreviewed
CVE-2023-40039
was published
Sep 11, 2023
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-5959
was published
Sep 18, 2024
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass...
Critical
Unreviewed
CVE-2024-8277
was published
Sep 11, 2024
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a...
Critical
Unreviewed
CVE-2024-7772
was published
Sep 26, 2024
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU)...
Critical
Unreviewed
CVE-2024-0132
was published
Sep 26, 2024
ProTip!
Advisories are also available from the
GraphQL API