Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,647 advisories

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to... Critical Unreviewed
CVE-2024-4315 was published Jun 12, 2024
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,... Critical Unreviewed
CVE-2024-35213 was published Jun 11, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-30080 was published Jun 11, 2024
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker... Critical Unreviewed
CVE-2024-2012 was published Jun 11, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway... Critical Unreviewed
CVE-2024-2013 was published Jun 11, 2024
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application... Critical Unreviewed
CVE-2024-36266 was published Jun 11, 2024
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-3549 was published Jun 11, 2024
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator Critical Unreviewed
CVE-2024-29855 was published Jun 11, 2024
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1... Critical Unreviewed
CVE-2024-37051 was published Jun 10, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress... Critical Unreviewed
CVE-2024-35746 was published Jun 10, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-35677 was published Jun 10, 2024
Vulnerability discovered by executing a planned security audit. Improper Limitation of a... Critical Unreviewed
CVE-2024-34762 was published Jun 10, 2024
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management Critical
CVE-2024-5389 was published for lunary (pip) Jun 10, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache... Critical Unreviewed
CVE-2024-4577 was published Jun 9, 2024
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager... Critical Unreviewed
CVE-2024-33565 was published Jun 9, 2024
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a... Critical Unreviewed
CVE-2024-31244 was published Jun 9, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions Critical
GHSA-6fqw-j3vm-7f66 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) Critical
GHSA-v42g-7q2x-cw32 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select Critical
GHSA-2x36-qhx3-7m5f was published for zendframework/zendframework1 (Composer) Jun 7, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
Zend-JSON vulnerable to XXE/XEE attacks Critical
GHSA-8x2v-pcg7-94f4 was published for zendframework/zend-json (Composer) Jun 7, 2024
ebookmeta XML External Entity vulnerability Critical
CVE-2024-37388 was published for ebookmeta (pip) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API