GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,266
Erlang: 31
GitHub Actions: 21
Go: 2,035
Maven: 5,000+
npm: 3,732
NuGet: 662
pip: 3,413
Pub: 12
RubyGems: 891
Rust: 865
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
3,983 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress...
High | Unreviewed | CVE-2024-50450 was published Oct 28, 2024
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code...
High | Unreviewed | CVE-2024-9162 was published Oct 28, 2024
CycloneDX cdxgen may execute code contained within build-related files
Moderate | CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-9772 was published Oct 26, 2024
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of...
Moderate | Unreviewed | CVE-2024-48235 was published Oct 26, 2024
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the...
Moderate | Unreviewed | CVE-2024-48236 was published Oct 26, 2024
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE)...
High | Unreviewed | CVE-2024-37845 was published Oct 25, 2024
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI)...
Critical | Unreviewed | CVE-2024-37846 was published Oct 25, 2024
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker...
Critical | Unreviewed | CVE-2024-48581 was published Oct 25, 2024
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a...
Critical | Unreviewed | CVE-2024-48579 was published Oct 25, 2024
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote...
Critical | Unreviewed | CVE-2024-48204 was published Oct 25, 2024
Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to...
High | Unreviewed | CVE-2024-48700 was published Oct 25, 2024
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js...
High | Unreviewed | CVE-2024-48655 was published Oct 25, 2024
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is...
High | Unreviewed | CVE-2024-47158 was published Oct 25, 2024
Remote code execution in php-heic-to-jpg
High | CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
High | CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
OS Command Injection in Snyk gradle plugin
High | CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and...
Moderate | Unreviewed | CVE-2024-20485 was published Oct 23, 2024
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business...
Critical | Unreviewed | CVE-2024-35314 was published Oct 21, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an...
Critical | Unreviewed | CVE-2024-35285 was published Oct 21, 2024
A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and...
High | Unreviewed | CVE-2024-41714 was published Oct 21, 2024
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business...
Moderate | Unreviewed | CVE-2024-35315 was published Oct 21, 2024
A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow...
Moderate | Unreviewed | CVE-2024-41712 was published Oct 21, 2024
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code...
High | Unreviewed | CVE-2024-9593 was published Oct 18, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical | CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
ProTip! Advisories are also available from the GraphQL API.