Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,721
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,945
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,543 advisories

SimpleSAMLphp signature validation bypass Critical
GHSA-fjr2-r2mp-484p was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
Silverstripe Brute force bypass on default admin Critical
GHSA-8v6m-7f5v-hhx6 was published for silverstripe/framework (Composer) May 23, 2024
Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t... Critical Unreviewed
CVE-2024-5168 was published May 23, 2024
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-5084 was published May 23, 2024
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise... Critical Unreviewed
CVE-2024-29849 was published May 23, 2024
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-51637 was published May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25738 was published for vufind/vufind (Composer) May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25737 was published for vufind/vufind (Composer) May 22, 2024
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ... Critical Unreviewed
CVE-2024-3495 was published May 22, 2024
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local... Critical Unreviewed
CVE-2024-5147 was published May 22, 2024
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is... Critical Unreviewed
CVE-2024-4443 was published May 22, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-83jv-4prm-34g7 was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
PyMySQL SQL Injection vulnerability Critical
CVE-2024-36039 was published for pymysql (pip) May 21, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the... Critical Unreviewed
CVE-2023-3943 was published May 21, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2023-3939 was published May 21, 2024
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write... Critical Unreviewed
CVE-2023-3941 was published May 21, 2024
The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all... Critical Unreviewed
CVE-2024-4442 was published May 21, 2024
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when... Critical Unreviewed
CVE-2024-4985 was published May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
ProTip! Advisories are also available from the GraphQL API