Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,218 advisories

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-0692 was published Mar 1, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization Moderate
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is... Moderate Unreviewed
CVE-2024-1750 was published Feb 22, 2024
A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This... Moderate Unreviewed
CVE-2024-1748 was published Feb 22, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution... Critical Unreviewed
CVE-2023-40057 was published Feb 15, 2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution... High Unreviewed
CVE-2024-23478 was published Feb 15, 2024
Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose... High Unreviewed
CVE-2024-24926 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon.This issue affects... Moderate Unreviewed
CVE-2023-46615 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder &... High Unreviewed
CVE-2024-23512 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue... Critical Unreviewed
CVE-2024-25100 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real... Critical Unreviewed
CVE-2024-24797 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive:... High Unreviewed
CVE-2024-23513 was published Feb 12, 2024
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets... High Unreviewed
CVE-2024-24796 was published Feb 12, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res... Moderate Unreviewed
CVE-2024-1432 was published Feb 11, 2024
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected... Moderate Unreviewed
CVE-2024-1353 was published Feb 9, 2024
Allegro AI ClearML vulnerable to deserialization of untrusted data High
CVE-2024-24590 was published for clearml (pip) Feb 6, 2024
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all... Moderate Unreviewed
CVE-2024-0668 was published Feb 6, 2024
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2023-6933 was published Feb 6, 2024
A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by... High Unreviewed
CVE-2024-1225 was published Feb 5, 2024
A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is... Moderate Unreviewed
CVE-2024-1198 was published Feb 3, 2024
ProTip! Advisories are also available from the GraphQL API