Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,401 advisories

Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability Critical
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
yyzsec
Genie Path Traversal vulnerability via File Uploads Critical
CVE-2024-4701 was published for com.netflix.genie:genie-web (Maven) May 9, 2024
jmoritzc53
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service Critical
CVE-2024-32874 was published for frigate (pip) May 9, 2024
Sim4n6
Spin applications with specific configuration vulnerable to potential network sandbox escape Critical
CVE-2024-32980 was published for spin-sdk (Rust) May 8, 2024
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to,... Critical Unreviewed
CVE-2024-4393 was published May 8, 2024
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in... Critical Unreviewed
CVE-2024-4346 was published May 7, 2024
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due... Critical Unreviewed
CVE-2024-4345 was published May 7, 2024
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2024-4186 was published May 7, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe... Critical Unreviewed
CVE-2024-4547 was published May 6, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe... Critical Unreviewed
CVE-2024-4548 was published May 6, 2024
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior.... Critical Unreviewed
CVE-2024-4549 was published May 6, 2024
Some CORS middleware allow untrusted origins Critical
GHSA-v84h-653v-4pq9 was published for github.com/jub0bs/fcors (Go) May 3, 2024
jub0bs
Some CORS middleware allow untrusted origins Critical
GHSA-vhxv-fg4m-p2w8 was published for github.com/jub0bs/cors (Go) May 3, 2024
jub0bs
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability... Critical Unreviewed
CVE-2024-4466 was published May 3, 2024
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51593 was published May 3, 2024
Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution... Critical Unreviewed
CVE-2023-51595 was published May 3, 2024
Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution... Critical Unreviewed
CVE-2023-51582 was published May 3, 2024
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass... Critical Unreviewed
CVE-2023-51574 was published May 3, 2024
Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution... Critical Unreviewed
CVE-2023-51583 was published May 3, 2024
Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution... Critical Unreviewed
CVE-2023-51581 was published May 3, 2024
Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution... Critical Unreviewed
CVE-2023-51575 was published May 3, 2024
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability... Critical Unreviewed
CVE-2023-51586 was published May 3, 2024
Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution... Critical Unreviewed
CVE-2023-51590 was published May 3, 2024
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51576 was published May 3, 2024
ProTip! Advisories are also available from the GraphQL API