GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,952
Composer 4,274
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,419
Pub 12
RubyGems 891
Rust 872
Swift 36

Unreviewed advisories

All unreviewed 238,599

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

501 advisories

Filter by severity

Sort by

Least recently updated

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script... Critical Unreviewed

CVE-2024-12652 was published Dec 26, 2024

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or... Critical Unreviewed

CVE-2014-6287 was published May 13, 2022

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell... Critical Unreviewed

CVE-2024-12372 was published Dec 18, 2024

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5... Critical Unreviewed

CVE-2023-34990 was published Dec 18, 2024

Multiple Sitecore products allow remote code execution. This affects Experience Manager,... Critical Unreviewed

CVE-2023-35813 was published Jun 18, 2023

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in... Critical Unreviewed

CVE-2024-55085 was published Dec 17, 2024

The go command may generate unexpected code at build time when using cgo. This may result in... Critical Unreviewed

CVE-2023-29402 was published Jun 8, 2023

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()... Critical Unreviewed

CVE-2024-21577 was published Dec 13, 2024

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in... Critical Unreviewed

CVE-2024-21576 was published Dec 13, 2024

From the VSPC management agent machine, under condition that the management agent is authorized... Critical Unreviewed

CVE-2024-42448 was published Dec 12, 2024

The issue stems from a missing validation of the pip field in a POST request sent to the ... Critical Unreviewed

CVE-2024-21574 was published Dec 12, 2024

An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the... Critical Unreviewed

CVE-2024-48453 was published Dec 4, 2024

Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php... Critical Unreviewed

CVE-2022-38946 was published Dec 9, 2024

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able... Critical Unreviewed

CVE-2023-35853 was published Jun 19, 2023

Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro... Critical Unreviewed

CVE-2024-51815 was published Dec 6, 2024

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB... Critical Unreviewed

CVE-2024-48839 was published Dec 5, 2024

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT... Critical Unreviewed

CVE-2024-48840 was published Dec 5, 2024

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the... Critical Unreviewed

CVE-2024-36622 was published Nov 29, 2024

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at... Critical Unreviewed

CVE-2024-53920 was published Nov 27, 2024

A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID... Critical Unreviewed

CVE-2024-53604 was published Nov 27, 2024

The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is... Critical Unreviewed

CVE-2024-8672 was published Nov 28, 2024

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard... Critical Unreviewed

CVE-2024-51367 was published Nov 21, 2024

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP... Critical Unreviewed

CVE-2024-44758 was published Nov 15, 2024

A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in... Critical Unreviewed

CVE-2024-52959 was published Nov 27, 2024

H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm... Critical Unreviewed

CVE-2024-52765 was published Nov 20, 2024

Previous 1 2 3 4 5 … 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

501 advisories