Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

336 advisories

Loading
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege... Critical Unreviewed
CVE-2024-3057 was published Oct 8, 2024
According to the researcher: "The TLS connections are encrypted against tampering or... Critical Unreviewed
CVE-2024-44097 was published Oct 2, 2024
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2024-9265 was published Oct 1, 2024
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows... Critical Unreviewed
CVE-2024-34331 was published Sep 23, 2024
A condition exists in FlashArray Purity whereby a malicious user could use a remote... Critical Unreviewed
CVE-2024-0003 was published Sep 23, 2024
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2024-8853 was published Sep 20, 2024
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to... Critical Unreviewed
CVE-2024-44893 was published Sep 10, 2024
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to... Critical Unreviewed
CVE-2024-7493 was published Sep 6, 2024
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative... Critical Unreviewed
CVE-2024-36439 was published Aug 22, 2024
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could... Critical Unreviewed
CVE-2024-33872 was published Aug 20, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them Critical
CVE-2024-43401 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 19, 2024
floerer
Credited to floerer
Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege... Critical Unreviewed
CVE-2024-43311 was published Aug 19, 2024
Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege... Critical Unreviewed
CVE-2024-43240 was published Aug 19, 2024
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This... Critical Unreviewed
CVE-2024-43245 was published Aug 19, 2024
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network... Critical Unreviewed
CVE-2024-21807 was published Aug 14, 2024
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This... Critical Unreviewed
CVE-2024-43121 was published Aug 13, 2024
Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This... Critical Unreviewed
CVE-2024-43153 was published Aug 13, 2024
Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule... Critical Unreviewed
CVE-2024-38770 was published Aug 1, 2024
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to... Critical Unreviewed
CVE-2024-37858 was published Jul 29, 2024
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the... Critical Unreviewed
CVE-2023-4976 was published Jul 17, 2024
Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation... Critical Unreviewed
CVE-2024-37927 was published Jul 12, 2024
Microsoft Defender for IoT Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-38089 was published Jul 9, 2024
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote... Critical Unreviewed
CVE-2024-27710 was published Jul 5, 2024
When generating the systemd service units for the docker snap (and other similar snaps), snapd... Critical Unreviewed
CVE-2020-27352 was published Jun 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database