GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
227 advisories
Filter by severity
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data...
Critical
Unreviewed
CVE-2024-8074
was published
Nov 12, 2024
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-9518
was published
Oct 10, 2024
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege...
Critical
Unreviewed
CVE-2024-3057
was published
Oct 8, 2024
According to the researcher: "The TLS connections are encrypted against tampering or...
Critical
Unreviewed
CVE-2024-44097
was published
Oct 2, 2024
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in...
Critical
Unreviewed
CVE-2024-9265
was published
Oct 1, 2024
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows...
Critical
Unreviewed
CVE-2024-34331
was published
Sep 23, 2024
A condition exists in FlashArray Purity whereby a malicious user could use a remote...
Critical
Unreviewed
CVE-2024-0003
was published
Sep 23, 2024
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-8853
was published
Sep 20, 2024
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to...
Critical
Unreviewed
CVE-2024-44893
was published
Sep 10, 2024
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to...
Critical
Unreviewed
CVE-2024-7493
was published
Sep 6, 2024
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative...
Critical
Unreviewed
CVE-2024-36439
was published
Aug 22, 2024
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could...
Critical
Unreviewed
CVE-2024-33872
was published
Aug 20, 2024
Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege...
Critical
Unreviewed
CVE-2024-43311
was published
Aug 19, 2024
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This...
Critical
Unreviewed
CVE-2024-43245
was published
Aug 19, 2024
Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege...
Critical
Unreviewed
CVE-2024-43240
was published
Aug 19, 2024
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network...
Critical
Unreviewed
CVE-2024-21807
was published
Aug 14, 2024
Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This...
Critical
Unreviewed
CVE-2024-43153
was published
Aug 13, 2024
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This...
Critical
Unreviewed
CVE-2024-43121
was published
Aug 13, 2024
Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule...
Critical
Unreviewed
CVE-2024-38770
was published
Aug 1, 2024
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to...
Critical
Unreviewed
CVE-2024-37858
was published
Jul 29, 2024
A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the...
Critical
Unreviewed
CVE-2023-4976
was published
Jul 17, 2024
Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation...
Critical
Unreviewed
CVE-2024-37927
was published
Jul 12, 2024
Microsoft Defender for IoT Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2024-38089
was published
Jul 9, 2024
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote...
Critical
Unreviewed
CVE-2024-27710
was published
Jul 5, 2024
When generating the systemd service units for the docker snap (and other similar snaps), snapd...
Critical
Unreviewed
CVE-2020-27352
was published
Jun 21, 2024
ProTip!
Advisories are also available from the
GraphQL API