Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,007 advisories

Loading
The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-1685 was published Mar 16, 2024
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget... High Unreviewed
CVE-2024-2006 was published Mar 13, 2024
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is... High Unreviewed
CVE-2024-1772 was published Mar 13, 2024
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-1950 was published Mar 13, 2024
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag... Moderate Unreviewed
CVE-2024-0047 was published Mar 11, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
Credited to TheZ3ro
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be... Critical Unreviewed
CVE-2024-28211 was published Mar 7, 2024
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute... Critical Unreviewed
CVE-2024-28212 was published Mar 7, 2024
nGrinder vulnerable to unsafe Java objects deserialization Critical
CVE-2024-28213 was published for org.ngrinder:ngrinder-core (Maven) Mar 7, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd
Credited to oscerd
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-1731 was published Mar 5, 2024
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP... High Unreviewed
CVE-2024-0825 was published Mar 5, 2024
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop... Critical Unreviewed
CVE-2024-24302 was published Mar 3, 2024
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-0692 was published Mar 1, 2024
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is... High Unreviewed
CVE-2024-1859 was published Mar 1, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service High
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger
Credited to puredanger
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-23052 was published Feb 29, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Credited to oscerd
A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is... Moderate Unreviewed
CVE-2024-1750 was published Feb 22, 2024
A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This... Moderate Unreviewed
CVE-2024-1748 was published Feb 22, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Credited to Blaklis, ErwanGuillon, and bsweeney
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd
Credited to oscerd
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd
Credited to oscerd
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database