Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

101,413 advisories

Loading
Amazon Redshift Python Connector vulnerable to SQL Injection High
CVE-2024-12745 was published for redshift_connector (pip) Dec 26, 2024
alikrubin
Amazon Redshift JDBC Driver vulnerable to SQL Injection High
CVE-2024-12744 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Dec 26, 2024
alikrubin
lgsl Stored Cross-Site Scripting vulnerability High
CVE-2024-56361 was published for tltneon/lgsl (Composer) Dec 26, 2024
onsali
Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in... High Unreviewed
CVE-2024-51540 was published Dec 26, 2024
Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this... High Unreviewed
CVE-2023-7300 was published Dec 26, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through... High Unreviewed
CVE-2024-53291 was published Dec 25, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges... High Unreviewed
CVE-2024-47978 was published Dec 25, 2024
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs... High Unreviewed
CVE-2024-52535 was published Dec 25, 2024
The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable... High Unreviewed
CVE-2024-12428 was published Dec 25, 2024
The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and... High Unreviewed
CVE-2024-12272 was published Dec 25, 2024
In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. High Unreviewed
CVE-2024-1609 was published Dec 25, 2024
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).... High Unreviewed
CVE-2019-2483 was published Dec 24, 2024
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is... High Unreviewed
CVE-2024-12881 was published Dec 24, 2024
A flaw was found in the skupper console, a read-only interface that renders cluster network,... High Unreviewed
CVE-2024-12582 was published Dec 24, 2024
The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url ,... High Unreviewed
CVE-2024-12594 was published Dec 24, 2024
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of... High Unreviewed
CVE-2024-47515 was published Dec 24, 2024
ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a... High Unreviewed
CVE-2024-53961 was published Dec 23, 2024
Gogs allows argument Injection when tagging new releases High
CVE-2024-39933 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Navidrome Stores JWT Secret in Plaintext in navidrome.db High
CVE-2024-56362 was published for github.com/navidrome/navidrome (Go) Dec 23, 2024
saisathvik1
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails High
CVE-2024-23945 was published for org.apache.hive:hive-service (Maven) Dec 23, 2024
Path Traversal in file update API in gogs High
CVE-2024-55947 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
Remote Command Execution in file editing in gogs High
CVE-2024-54148 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A... High Unreviewed
CVE-2024-12903 was published Dec 23, 2024
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine.... High Unreviewed
CVE-2024-12902 was published Dec 23, 2024
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection... High Unreviewed
CVE-2024-45721 was published Dec 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database