GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,191 advisories
Filter by severity
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical
Unreviewed
CVE-2024-10131
was published
Oct 19, 2024
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18...
Critical
Unreviewed
CVE-2024-37404
was published
Oct 19, 2024
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an...
Critical
Unreviewed
CVE-2024-9537
was published
Oct 18, 2024
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality....
Critical
Unreviewed
CVE-2024-10118
was published
Oct 18, 2024
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An...
Critical
Unreviewed
CVE-2024-10119
was published
Oct 18, 2024
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries...
Critical
Unreviewed
CVE-2024-9264
was published
Oct 18, 2024
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.
Critical
Unreviewed
CVE-2023-26785
was published
Oct 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-49246
was published
Oct 17, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This...
Critical
Unreviewed
CVE-2024-49291
was published
Oct 17, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-49305
was published
Oct 17, 2024
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object...
Critical
Unreviewed
CVE-2024-49318
was published
Oct 17, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program...
Critical
Unreviewed
CVE-2024-49314
was published
Oct 17, 2024
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress...
Critical
Unreviewed
CVE-2024-49322
was published
Oct 17, 2024
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in...
Critical
Unreviewed
CVE-2024-49217
was published
Oct 17, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker...
Critical
Unreviewed
CVE-2024-49397
was published
Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ...
Critical
Unreviewed
CVE-2024-23786
was published
Oct 17, 2024
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain...
Critical
Unreviewed
CVE-2024-10025
was published
Oct 17, 2024
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for...
Critical
Unreviewed
CVE-2024-9263
was published
Oct 17, 2024
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-9863
was published
Oct 17, 2024
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary...
Critical
Unreviewed
CVE-2024-9862
was published
Oct 17, 2024
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which...
Critical
Unreviewed
CVE-2024-48180
was published
Oct 16, 2024
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all...
Critical
Unreviewed
CVE-2024-9893
was published
Oct 16, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code...
Critical
Unreviewed
CVE-2024-49254
was published
Oct 16, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin –...
Critical
Unreviewed
CVE-2024-49260
was published
Oct 16, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic...
Critical
Unreviewed
CVE-2024-48042
was published
Oct 16, 2024
ProTip!
Advisories are also available from the
GraphQL API