Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,760
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,104 advisories

Loading
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary... Moderate Unreviewed
CVE-2024-33335 was published Jun 20, 2024
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code... Moderate Unreviewed
CVE-2024-36531 was published Jun 10, 2024
The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2024-4194 was published Jun 6, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger Credited to davidrunger and filipeom filipeom filipeom
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-4261 was published May 22, 2024
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12... Moderate Unreviewed
CVE-2024-31396 was published May 22, 2024
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file... Moderate Unreviewed
CVE-2024-36078 was published May 19, 2024
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for... Moderate Unreviewed
CVE-2024-31974 was published May 17, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an... Moderate Unreviewed
CVE-2024-3044 was published May 14, 2024
The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2024-4144 was published May 14, 2024
The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress... Moderate Unreviewed
CVE-2024-4038 was published May 14, 2024
The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-4039 was published May 14, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side... Moderate Unreviewed
CVE-2024-3787 was published May 14, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side... Moderate Unreviewed
CVE-2024-3788 was published May 14, 2024
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory... Moderate Unreviewed
CVE-2024-34225 was published May 14, 2024
The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows.... Moderate Unreviewed
CVE-2024-27793 was published May 14, 2024
The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all... Moderate Unreviewed
CVE-2024-4135 was published May 8, 2024
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert... Moderate Unreviewed
CVE-2024-29209 was published May 7, 2024
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd Credited to oscerd
kubevirt allows a local attacker to execute arbitrary code via a crafted command Moderate
CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) May 2, 2024
The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated... Moderate Unreviewed
CVE-2024-3734 was published May 2, 2024
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution... Moderate Unreviewed
CVE-2024-3957 was published May 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database