GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,335
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,939
Maven 5,134
npm 3,677
NuGet 643
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,779

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

226 advisories

Filter by severity

Sort by

Least recently updated

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed

CVE-2024-9518 was published Oct 10, 2024

A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege... Critical Unreviewed

CVE-2024-3057 was published Oct 8, 2024

According to the researcher: "The TLS connections are encrypted against tampering or... Critical Unreviewed

CVE-2024-44097 was published Oct 2, 2024

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed

CVE-2024-9265 was published Oct 1, 2024

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows... Critical Unreviewed

CVE-2024-34331 was published Sep 23, 2024

A condition exists in FlashArray Purity whereby a malicious user could use a remote... Critical Unreviewed

CVE-2024-0003 was published Sep 23, 2024

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed

CVE-2024-8853 was published Sep 20, 2024

An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to... Critical Unreviewed

CVE-2024-44893 was published Sep 10, 2024

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to... Critical Unreviewed

CVE-2024-7493 was published Sep 6, 2024

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative... Critical Unreviewed

CVE-2024-36439 was published Aug 22, 2024

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could... Critical Unreviewed

CVE-2024-33872 was published Aug 20, 2024

Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege... Critical Unreviewed

CVE-2024-43311 was published Aug 19, 2024

Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This... Critical Unreviewed

CVE-2024-43245 was published Aug 19, 2024

Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege... Critical Unreviewed

CVE-2024-43240 was published Aug 19, 2024

Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network... Critical Unreviewed

CVE-2024-21807 was published Aug 14, 2024

Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This... Critical Unreviewed

CVE-2024-43121 was published Aug 13, 2024

Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This... Critical Unreviewed

CVE-2024-43153 was published Aug 13, 2024

Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule... Critical Unreviewed

CVE-2024-38770 was published Aug 1, 2024

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to... Critical Unreviewed

CVE-2024-37858 was published Jul 29, 2024

A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the... Critical Unreviewed

CVE-2023-4976 was published Jul 17, 2024

Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation... Critical Unreviewed

CVE-2024-37927 was published Jul 12, 2024

Microsoft Defender for IoT Elevation of Privilege Vulnerability Critical Unreviewed

CVE-2024-38089 was published Jul 9, 2024

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote... Critical Unreviewed

CVE-2024-27710 was published Jul 5, 2024

When generating the systemd service units for the docker snap (and other similar snaps), snapd... Critical Unreviewed

CVE-2020-27352 was published Jun 21, 2024

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows... Critical Unreviewed

CVE-2024-33374 was published Jun 14, 2024

Previous 1 2 3 4 5 … 9 10 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

226 advisories