GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,982 advisories
Filter by severity
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&&...
High
Unreviewed
CVE-2024-37860
was published
Dec 6, 2024
Improper Input Validation vulnerability allows Remote Code Execution.
Affected products:
ABB...
Critical
Unreviewed
CVE-2024-48839
was published
Dec 5, 2024
Unauthorized Access vulnerabilities allow Remote Code Execution.
Affected products:
ABB ASPECT...
Critical
Unreviewed
CVE-2024-48840
was published
Dec 5, 2024
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the...
Critical
Unreviewed
CVE-2024-48453
was published
Dec 4, 2024
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via...
High
Unreviewed
CVE-2024-10952
was published
Dec 4, 2024
hull.js Code Injection Vulnerability
Critical
GHSA-q849-wxrc-vqrp
was published
for
hull.js
(npm)
Dec 2, 2024
An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of...
High
Unreviewed
CVE-2024-53564
was published
Dec 2, 2024
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
High
CVE-2024-36610
was published
for
symfony/var-dumper
(Composer)
Nov 29, 2024
•
withdrawn
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the...
Critical
Unreviewed
CVE-2024-36622
was published
Nov 29, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows...
High
Unreviewed
CVE-2024-11620
was published
Nov 28, 2024
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is...
Critical
Unreviewed
CVE-2024-8672
was published
Nov 28, 2024
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at...
Critical
Unreviewed
CVE-2024-53920
was published
Nov 27, 2024
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID...
Critical
Unreviewed
CVE-2024-53604
was published
Nov 27, 2024
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in...
Critical
Unreviewed
CVE-2024-52959
was published
Nov 27, 2024
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of...
High
Unreviewed
CVE-2024-11699
was published
Nov 26, 2024
When handling keypress events, an attacker may have been able to trick a user into bypassing the ...
High
Unreviewed
CVE-2024-11697
was published
Nov 26, 2024
The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via...
Moderate
Unreviewed
CVE-2024-11002
was published
Nov 26, 2024
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject...
High
Unreviewed
CVE-2024-52899
was published
Nov 26, 2024
A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of...
High
Unreviewed
CVE-2024-53554
was published
Nov 26, 2024
The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form...
High
Unreviewed
CVE-2024-11034
was published
Nov 23, 2024
Possible Command injection Vulnerability
in iManager has been discovered in
OpenText™ iManager 3...
High
Unreviewed
CVE-2021-38117
was published
Nov 22, 2024
An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard...
Critical
Unreviewed
CVE-2024-51367
was published
Nov 21, 2024
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm...
Critical
Unreviewed
CVE-2024-52765
was published
Nov 20, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of...
Critical
Unreviewed
CVE-2024-10094
was published
Nov 20, 2024
There exists a code execution vulnerability in the Car App Android Jetpack Library. In the...
High
Unreviewed
CVE-2024-10382
was published
Nov 20, 2024
ProTip!
Advisories are also available from the
GraphQL API