GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,401 advisories
Filter by severity
Blind XSS Leading to Froxlor Application Compromise
Critical
CVE-2024-34070
was published
for
froxlor/froxlor
(Composer)
May 10, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Critical
CVE-2024-32874
was published
for
frigate
(pip)
May 9, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to,...
Critical
Unreviewed
CVE-2024-4393
was published
May 8, 2024
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in...
Critical
Unreviewed
CVE-2024-4346
was published
May 7, 2024
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due...
Critical
Unreviewed
CVE-2024-4345
was published
May 7, 2024
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up...
Critical
Unreviewed
CVE-2024-4186
was published
May 7, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical
Unreviewed
CVE-2024-4547
was published
May 6, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical
Unreviewed
CVE-2024-4548
was published
May 6, 2024
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior....
Critical
Unreviewed
CVE-2024-4549
was published
May 6, 2024
Some CORS middleware allow untrusted origins
Critical
GHSA-v84h-653v-4pq9
was published
for
github.com/jub0bs/fcors
(Go)
May 3, 2024
Some CORS middleware allow untrusted origins
Critical
GHSA-vhxv-fg4m-p2w8
was published
for
github.com/jub0bs/cors
(Go)
May 3, 2024
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability...
Critical
Unreviewed
CVE-2024-4466
was published
May 3, 2024
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability....
Critical
Unreviewed
CVE-2023-51593
was published
May 3, 2024
Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution...
Critical
Unreviewed
CVE-2023-51595
was published
May 3, 2024
Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution...
Critical
Unreviewed
CVE-2023-51582
was published
May 3, 2024
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass...
Critical
Unreviewed
CVE-2023-51574
was published
May 3, 2024
Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution...
Critical
Unreviewed
CVE-2023-51583
was published
May 3, 2024
Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution...
Critical
Unreviewed
CVE-2023-51581
was published
May 3, 2024
Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution...
Critical
Unreviewed
CVE-2023-51575
was published
May 3, 2024
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability...
Critical
Unreviewed
CVE-2023-51586
was published
May 3, 2024
Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution...
Critical
Unreviewed
CVE-2023-51590
was published
May 3, 2024
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability....
Critical
Unreviewed
CVE-2023-51576
was published
May 3, 2024
ProTip!
Advisories are also available from the
GraphQL API