GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
21,541 advisories

Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation...
(Critical, Unreviewed) CVE-2023-32244 was published May 17, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
(Critical, Unreviewed) CVE-2023-32297 was published May 17, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content...
(Critical, Unreviewed) CVE-2024-31351 was published May 17, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code...
(Critical, Unreviewed) CVE-2023-23645 was published May 17, 2024

Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation...
(Critical, Unreviewed) CVE-2023-25701 was published May 17, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best...
(Critical, Unreviewed) CVE-2023-25444 was published May 17, 2024

Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege...
(Critical, Unreviewed) CVE-2023-26009 was published May 17, 2024

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all...
(Critical, Unreviewed) CVE-2024-3551 was published May 17, 2024

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may...
(Critical, Unreviewed) CVE-2024-22476 was published May 16, 2024

ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
(Critical) CVE-2024-5023 was published for consoleme (pip) May 16, 2024

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php...
(Critical, Unreviewed) CVE-2024-4992 was published May 16, 2024

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php...
(Critical, Unreviewed) CVE-2024-4991 was published May 16, 2024

SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability...
(Critical, Unreviewed) CVE-2024-4826 was published May 16, 2024

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of...
(Critical, Unreviewed) CVE-2024-30314 was published May 16, 2024

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute...
(Critical, Unreviewed) CVE-2024-4326 was published May 16, 2024

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of...
(Critical, Unreviewed) CVE-2024-4223 was published May 16, 2024

A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows...
(Critical, Unreviewed) CVE-2024-4078 was published May 16, 2024

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to...
(Critical, Unreviewed) CVE-2024-2361 was published May 16, 2024

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows...
(Critical, Unreviewed) CVE-2024-2358 was published May 16, 2024

A remote code execution vulnerability exists in the parisneo/lollms-webui application,...
(Critical, Unreviewed) CVE-2024-2366 was published May 16, 2024

Magento RCE,XSS and other vulnerabilities
(Critical) GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer) May 15, 2024

Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
(Critical) GHSA-5gmh-85x8-5cx7 was published for magento/community-edition (Composer) May 15, 2024

Magento Open Source Security Advisory: Patch SUPEE-10975
(Critical) GHSA-cv25-3pxr-4q7x was published for magento/community-edition (Composer) May 15, 2024

Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
(Critical) GHSA-26hq-7286-mg8f was published for magento/community-edition (Composer) May 15, 2024

Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
(Critical) GHSA-6wm4-3rjj-c8xx was published for magento/community-edition (Composer) May 15, 2024

ProTip! Advisories are also available from the GraphQL API