GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,274; Erlang 31; GitHub Actions 21; Go 2,056; Maven 5,000+; npm 3,740; NuGet 668; pip 3,419; Pub 12; RubyGems 891; Rust 872; Swift 36
Unreviewed advisories: All unreviewed 5,000+
4,005 advisories
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for...
High
Unreviewed
CVE-2024-10959
was published
Dec 10, 2024
Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2,...
Moderate
Unreviewed
CVE-2024-28005
was published
Mar 28, 2024
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2-...
High
Unreviewed
CVE-2024-30963
was published
Dec 6, 2024
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2...
High
Unreviewed
CVE-2024-30964
was published
Dec 6, 2024
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble&&...
High
Unreviewed
CVE-2024-37860
was published
Dec 6, 2024
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2...
High
Unreviewed
CVE-2024-37862
was published
Dec 6, 2024
Due to missing input validation during one step of the firmware update process, the product is...
High
Unreviewed
CVE-2024-10771
was published
Dec 6, 2024
Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent....
High
Unreviewed
CVE-2024-21571
was published
Dec 6, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro...
Critical
Unreviewed
CVE-2024-51815
was published
Dec 6, 2024
The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via...
Moderate
Unreviewed
CVE-2024-10909
was published
Dec 6, 2024
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User...
Moderate
Unreviewed
CVE-2024-10681
was published
Dec 6, 2024
jFinal Server-Side Template Injection vulnerability
Critical
CVE-2021-31635
was published
for
com.jfinal:jfinal
(Maven)
Jun 26, 2023
Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB...
Critical
Unreviewed
CVE-2024-48839
was published
Dec 5, 2024
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT...
Critical
Unreviewed
CVE-2024-48840
was published
Dec 5, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
High
CVE-2024-47879
was published
for
org.openrefine:main
(Maven)
Oct 24, 2024
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers...
Moderate
Unreviewed
CVE-2024-39165
was published
Jul 4, 2024
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow...
High
Unreviewed
CVE-2023-32528
was published
Jun 27, 2023
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow...
High
Unreviewed
CVE-2023-32527
was published
Jun 27, 2023
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via...
High
Unreviewed
CVE-2024-10952
was published
Dec 4, 2024
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
High
CVE-2024-36610
was published
for
symfony/var-dumper
(Composer)
Nov 29, 2024 (withdrawn)
An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of...
High
Unreviewed
CVE-2024-53564
was published
Dec 2, 2024
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the...
Critical
Unreviewed
CVE-2024-36622
was published
Nov 29, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
hull.js Code Injection Vulnerability
Critical
GHSA-q849-wxrc-vqrp
was published
for
hull.js
(npm)
Dec 2, 2024
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at...
Critical
Unreviewed
CVE-2024-53920
was published
Nov 27, 2024