GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+)
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories (all unreviewed: 5,000+)
181 advisories
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android....
Critical | Unreviewed | CVE-2023-36621 was published on Nov 3, 2023

H2O local file inclusion vulnerability
Critical | CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) on Nov 16, 2023

Ray Missing Authorization vulnerability
Critical | CVE-2023-6020 was published for ray (pip) on Nov 16, 2023

Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity...
Critical | Unreviewed | CVE-2023-48417 was published on Dec 11, 2023

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the...
Critical | Unreviewed | CVE-2023-50976 was published on Dec 18, 2023

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for...
Critical | Unreviewed | CVE-2023-5877 was published on Jan 1, 2024

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via...
Critical | Unreviewed | CVE-2023-47458 was published on Jan 2, 2024

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress...
Critical | Unreviewed | CVE-2023-6875 was published on Jan 11, 2024

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious...
Critical | Unreviewed | CVE-2023-34063 was published on Jan 16, 2024

Missing authorization vulnerability in System webapi component in Synology Surveillance Station...
Critical | Unreviewed | CVE-2024-29241 was published on Mar 28, 2024

XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Critical | CVE-2024-31981 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Apr 10, 2024

XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Critical | CVE-2024-31983 was published for org.xwiki.platform:xwiki-platform-localization-source-wiki (Maven) on Apr 10, 2024

XWiki Platform remote code execution from account via custom skins support
Critical | CVE-2024-31987 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Apr 10, 2024

XWiki Platform remote code execution from account through UIExtension parameters
Critical | CVE-2024-31997 was published for org.xwiki.platform:xwiki-platform-uiextension-api (Maven) on Apr 10, 2024

Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a...
Critical | Unreviewed | CVE-2024-25912 was published on Apr 11, 2024

Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a...
Critical | Unreviewed | CVE-2023-49742 was published on Apr 18, 2024

Missing Authorization vulnerability in Repute Infosystems ARMember. This issue affects ARMember:...
Critical | Unreviewed | CVE-2024-32948 was published on Apr 24, 2024

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue...
Critical | Unreviewed | CVE-2024-33566 was published on Apr 29, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected...
Critical | Unreviewed | CVE-2024-27939 was published on May 14, 2024

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1...
Critical | Unreviewed | CVE-2024-3761 was published on May 20, 2024

Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and...
Critical | Unreviewed | CVE-2024-36246 was published on May 31, 2024

Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a...
Critical | Unreviewed | CVE-2024-31244 was published on Jun 9, 2024

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager...
Critical | Unreviewed | CVE-2024-33565 was published on Jun 9, 2024

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2024-4898 was published on Jun 12, 2024

ProTip! Advisories are also available from the GraphQL API.