Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,796
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,566 advisories

An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak... Critical Unreviewed
CVE-2024-5404 was published Jun 3, 2024
DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote... Critical Unreviewed
CVE-2024-5311 was published Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In... Critical Unreviewed
CVE-2024-36391 was published Jun 2, 2024
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path... Critical Unreviewed
CVE-2024-27776 was published Jun 2, 2024
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function Critical Unreviewed
CVE-2024-36388 was published Jun 2, 2024
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication... Critical Unreviewed
CVE-2024-36389 was published Jun 2, 2024
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of... Critical Unreviewed
CVE-2024-3200 was published Jun 1, 2024
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for... Critical Unreviewed
CVE-2024-3820 was published Jun 1, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... Critical Unreviewed
CVE-2024-29824 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... Critical Unreviewed
CVE-2024-29825 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... Critical Unreviewed
CVE-2024-29822 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... Critical Unreviewed
CVE-2024-29827 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... Critical Unreviewed
CVE-2024-29823 was published May 31, 2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows... Critical Unreviewed
CVE-2024-29826 was published May 31, 2024
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection... Critical Unreviewed
CVE-2024-23692 was published May 31, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack Critical
GHSA-q3jm-v27q-jfww was published for titon/framework (Composer) May 30, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-mmcv-fvq8-r9x3 was published for symfony/symfony (Composer) May 30, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer) May 30, 2024
Swiftmailer Sendmail transport arbitrary shell execution Critical
GHSA-4qpj-gxxg-jqg4 was published for swiftmailer/swiftmailer (Composer) May 29, 2024
Mocodo vulnerable to SQL injection in `/web/generate.php` Critical
CVE-2024-35374 was published for mocodo (pip) May 28, 2024
SimpleSAMLphp signature validation bypass Critical
GHSA-fjr2-r2mp-484p was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
ProTip! Advisories are also available from the GraphQL API