GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 73
  GitHub Actions: 53
  Go: 4,029
  Maven: 5,000+
  npm: 5,000+
  NuGet: 976
  pip: 5,000+
  Pub: 13
  RubyGems: 1,070
  Rust: 1,404
  Swift: 61
Unreviewed advisories:
  All unreviewed: 5,000+
31,068 advisories
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a...
  Critical | Unreviewed | CVE-2024-25867 | published Feb 29, 2024

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
  Critical | CVE-2024-25128 | for Flask-AppBuilder (pip) | published Feb 28, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical | Unreviewed | CVE-2024-25910 | published Feb 28, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  Critical | Unreviewed | CVE-2024-25927 | published Feb 28, 2024

The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the ...
  Critical | Unreviewed | CVE-2024-1514 | published Feb 28, 2024

A user who is privileged already `manager` or `admin` can set their profile picture via the...
  Critical | Unreviewed | CVE-2024-0550 | published Feb 28, 2024

A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark...
  Critical | Unreviewed | CVE-2023-50734 | published Feb 28, 2024

A memory corruption vulnerability has been identified in PostScript interpreter in various...
  Critical | Unreviewed | CVE-2023-50736 | published Feb 28, 2024

A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark...
  Critical | Unreviewed | CVE-2023-50735 | published Feb 28, 2024

The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in...
  Critical | Unreviewed | CVE-2023-50737 | published Feb 28, 2024

Transparent TLS may not be applied to Marbles with certain manifest configurations
  Critical | GHSA-x5r5-2qrx-rqj8 | for github.com/edgelesssys/marblerun (Go) | published Feb 27, 2024

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to...
  Critical | Unreviewed | CVE-2024-25843 | published Feb 27, 2024

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from...
  Critical | Unreviewed | CVE-2024-25846 | published Feb 27, 2024

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all...
  Critical | Unreviewed | CVE-2024-1403 | published Feb 27, 2024

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor...
  Critical | Unreviewed | CVE-2024-27905 | published Feb 27, 2024

Apache James server: Privilege escalation via JMX pre-authentication deserialization
  Critical | CVE-2023-51518 | for org.apache.james:james-server (Maven) | published Feb 27, 2024

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin...
  Critical | Unreviewed | CVE-2024-1698 | published Feb 27, 2024
Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly...
  Critical | Unreviewed | CVE-2024-0759 | published Feb 27, 2024
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of...
  Critical | Unreviewed | CVE-2023-41506 | published Feb 27, 2024

Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.
  Critical | Unreviewed | CVE-2024-24095 | published Feb 27, 2024

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06...
  Critical | Unreviewed | CVE-2024-25751 | published Feb 27, 2024

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers...
  Critical | Unreviewed | CVE-2024-25247 | published Feb 27, 2024

SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows...
  Critical | Unreviewed | CVE-2024-25248 | published Feb 27, 2024

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
  Critical | GHSA-84c3-j8r2-mcm8 | for @nfid/embed (npm) | published Feb 26, 2024

SAML authentication bypass due to missing validation on unsigned SAML messages
  Critical | GHSA-hx5q-v6pj-533r | for com.linecorp.centraldogma:centraldogma-server-auth-saml (Maven) | published Feb 26, 2024
Advisories are also available from the GraphQL API.