GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,676
NuGet
642
pip
3,291
Pub
11
RubyGems
873
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,817 advisories
The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-9837
was published
Oct 15, 2024
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection...
Moderate
Unreviewed
CVE-2024-8760
was published
Oct 12, 2024
A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This...
High
Unreviewed
CVE-2024-44414
was published
Oct 11, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published for jsonpath-plus (npm)
Oct 11, 2024
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High
Unreviewed
CVE-2024-9581
was published
Oct 10, 2024
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2024-45874
was published
Oct 8, 2024
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary...
Critical
Unreviewed
CVE-2024-45873
was published
Oct 8, 2024
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code...
Critical
Unreviewed
CVE-2024-46076
was published
Oct 7, 2024
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute...
Moderate
Unreviewed
CVE-2024-45933
was published
Oct 7, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Moderate
Unreviewed
CVE-2024-8254
was published
Oct 2, 2024
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Critical
Unreviewed
CVE-2024-45186
was published
Oct 2, 2024
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip...
High
Unreviewed
CVE-2024-46080
was published
Oct 1, 2024
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code...
Moderate
Unreviewed
CVE-2024-44744
was published
Oct 1, 2024
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows...
Moderate
Unreviewed
CVE-2024-45200
was published
Sep 30, 2024
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical....
Moderate
Unreviewed
CVE-2024-9324
was published
Sep 29, 2024
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises...
High
Unreviewed
CVE-2024-6983
was published
Sep 27, 2024
Remote command execution in promptr
High
CVE-2024-46489
was published for @ifnotnowwhen/promptr (npm)
Sep 25, 2024
The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High
Unreviewed
CVE-2024-8481
was published
Sep 25, 2024
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary...
High
Unreviewed
CVE-2024-8623
was published
Sep 24, 2024
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution...
Moderate
Unreviewed
CVE-2024-37779
was published
Sep 23, 2024
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute...
High
Unreviewed
CVE-2024-46639
was published
Sep 23, 2024
A condition exists in FlashArray Purity whereby a user with array admin role can execute...
Critical
Unreviewed
CVE-2024-0004
was published
Sep 23, 2024
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and...
High
Unreviewed
CVE-2024-40442
was published
Sep 23, 2024
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection.
Unknown
Unreviewed
CVE-2024-47219
was published
Sep 22, 2024
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.
Critical
Unreviewed
CVE-2024-46103
was published
Sep 20, 2024