Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,541 advisories

Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation... Critical Unreviewed
CVE-2023-32244 was published May 17, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2023-32297 was published May 17, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content... Critical Unreviewed
CVE-2024-31351 was published May 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code... Critical Unreviewed
CVE-2023-23645 was published May 17, 2024
Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation... Critical Unreviewed
CVE-2023-25701 was published May 17, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best... Critical Unreviewed
CVE-2023-25444 was published May 17, 2024
Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege... Critical Unreviewed
CVE-2023-26009 was published May 17, 2024
The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all... Critical Unreviewed
CVE-2024-3551 was published May 17, 2024
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may... Critical Unreviewed
CVE-2024-22476 was published May 16, 2024
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command Critical
CVE-2024-5023 was published for consoleme (pip) May 16, 2024
jaydhulia scottpacknetflix
patricksanders
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php... Critical Unreviewed
CVE-2024-4992 was published May 16, 2024
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php... Critical Unreviewed
CVE-2024-4991 was published May 16, 2024
SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability... Critical Unreviewed
CVE-2024-4826 was published May 16, 2024
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of... Critical Unreviewed
CVE-2024-30314 was published May 16, 2024
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute... Critical Unreviewed
CVE-2024-4326 was published May 16, 2024
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of... Critical Unreviewed
CVE-2024-4223 was published May 16, 2024
A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows... Critical Unreviewed
CVE-2024-4078 was published May 16, 2024
A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to... Critical Unreviewed
CVE-2024-2361 was published May 16, 2024
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows... Critical Unreviewed
CVE-2024-2358 was published May 16, 2024
A remote code execution vulnerability exists in the parisneo/lollms-webui application,... Critical Unreviewed
CVE-2024-2366 was published May 16, 2024
Magento RCE,XSS and other vulnerabilities Critical
GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer) May 15, 2024
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities Critical
GHSA-5gmh-85x8-5cx7 was published for magento/community-edition (Composer) May 15, 2024
Magento Open Source Security Advisory: Patch SUPEE-10975 Critical
GHSA-cv25-3pxr-4q7x was published for magento/community-edition (Composer) May 15, 2024
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability Critical
GHSA-26hq-7286-mg8f was published for magento/community-edition (Composer) May 15, 2024
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities Critical
GHSA-6wm4-3rjj-c8xx was published for magento/community-edition (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API