Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,541 advisories

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2... Critical Unreviewed
CVE-2021-1871 was published May 24, 2022
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2... Critical Unreviewed
CVE-2021-1870 was published May 24, 2022
Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry Critical
CVE-2023-20873 was published for org.springframework.boot:spring-boot-actuator-autoconfigure (Maven) Apr 20, 2023
quinzhi
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who... Critical Unreviewed
CVE-2024-4671 was published May 14, 2024
nats-io/jwt not enforcing checking of Import token permissions Critical
CVE-2021-3127 was published for github.com/nats-io/jwt (Go) Feb 15, 2022
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8),... Critical Unreviewed
CVE-2024-22039 was published Mar 12, 2024
Silverstripe Brute force bypass on default admin Critical
GHSA-8v6m-7f5v-hhx6 was published for silverstripe/framework (Composer) May 23, 2024
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote... Critical Unreviewed
CVE-2023-43208 was published Oct 26, 2023
Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t... Critical Unreviewed
CVE-2024-5168 was published May 23, 2024
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-5084 was published May 23, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25738 was published for vufind/vufind (Composer) May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25737 was published for vufind/vufind (Composer) May 22, 2024
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise... Critical Unreviewed
CVE-2024-29849 was published May 23, 2024
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-51637 was published May 22, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ... Critical Unreviewed
CVE-2024-3495 was published May 22, 2024
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local... Critical Unreviewed
CVE-2024-5147 was published May 22, 2024
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is... Critical Unreviewed
CVE-2024-4443 was published May 22, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-83jv-4prm-34g7 was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
ProTip! Advisories are also available from the GraphQL API