GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,086
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,900
Maven 5,098
npm 3,630
NuGet 638
pip 3,244
Pub 10
RubyGems 863
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,414

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

162 advisories

Filter by severity

Sort by

Least recently updated

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress... Critical Unreviewed

CVE-2024-8289 was published Sep 4, 2024

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is... Critical Unreviewed

CVE-2024-7856 was published Aug 29, 2024

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred... Critical Unreviewed

CVE-2024-45168 was published Aug 22, 2024

In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them Critical

CVE-2024-43401 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 19, 2024

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to... Critical Unreviewed

CVE-2024-6500 was published Aug 17, 2024

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on... Critical Unreviewed

CVE-2024-41730 was published Aug 13, 2024

XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet Critical

CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project... Critical Unreviewed

CVE-2024-6806 was published Jul 22, 2024

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of... Critical Unreviewed

CVE-2024-6636 was published Jul 20, 2024

PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed

CVE-2024-6071 was published Jun 28, 2024

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be... Critical Unreviewed

CVE-2024-6303 was published Jun 25, 2024

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a... Critical Unreviewed

CVE-2023-39312 was published Jun 19, 2024

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed

CVE-2024-4898 was published Jun 12, 2024

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager... Critical Unreviewed

CVE-2024-33565 was published Jun 9, 2024

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a... Critical Unreviewed

CVE-2024-31244 was published Jun 9, 2024

Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and... Critical Unreviewed

CVE-2024-36246 was published May 31, 2024

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1... Critical Unreviewed

CVE-2024-3761 was published May 20, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... Critical Unreviewed

CVE-2024-27939 was published May 14, 2024

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue... Critical Unreviewed

CVE-2024-33566 was published Apr 29, 2024

Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember:... Critical Unreviewed

CVE-2024-32948 was published Apr 24, 2024

Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a... Critical Unreviewed

CVE-2023-49742 was published Apr 18, 2024

Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a... Critical Unreviewed

CVE-2024-25912 was published Apr 11, 2024

XWiki Platform remote code execution from account through UIExtension parameters Critical

CVE-2024-31997 was published for org.xwiki.platform:xwiki-platform-uiextension-api (Maven) Apr 10, 2024

XWiki Platform remote code execution from account via custom skins support Critical

CVE-2024-31987 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024

XWiki Platform: Remote code execution from edit in multilingual wikis via translations Critical

CVE-2024-31983 was published for org.xwiki.platform:xwiki-platform-localization-source-wiki (Maven) Apr 10, 2024

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

162 advisories