GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,003 advisories
Filter by severity
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script...
Critical
Unreviewed
CVE-2024-12652
was published
Dec 26, 2024
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to...
Critical
Unreviewed
CVE-2024-52046
was published
Dec 25, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Critical
GHSA-hf29-9hfh-w63j
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system...
High
Unreviewed
CVE-2024-9154
was published
Dec 19, 2024
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2024-11977
was published
Dec 21, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or...
High
Unreviewed
CVE-2013-3163
was published
May 14, 2022
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or...
Critical
Unreviewed
CVE-2014-6287
was published
May 13, 2022
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code...
High
Unreviewed
CVE-2024-12729
was published
Dec 19, 2024
Remote code execution in php-heic-to-jpg
High
CVE-2024-48514
was published
for
maestroerror/php-heic-to-jpg
(Composer)
Oct 24, 2024
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9...
High
Unreviewed
CVE-2009-1862
was published
May 2, 2022
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for...
High
Unreviewed
CVE-2009-0557
was published
May 2, 2022
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High
Unreviewed
CVE-2024-11740
was published
Dec 19, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-36694
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS...
High
Unreviewed
CVE-2024-56051
was published
Dec 18, 2024
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell...
Critical
Unreviewed
CVE-2024-12372
was published
Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability
High
CVE-2024-21546
was published
for
unisharp/laravel-filemanager
(Composer)
Dec 18, 2024
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5...
Critical
Unreviewed
CVE-2023-34990
was published
Dec 18, 2024
An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an...
Moderate
Unreviewed
CVE-2024-55918
was published
Dec 13, 2024
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary...
High
Unreviewed
CVE-2024-40671
was published
Nov 13, 2024
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as...
Moderate
Unreviewed
CVE-2024-37773
was published
Dec 17, 2024
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean...
High
Unreviewed
CVE-2023-35809
was published
Jun 18, 2023
ProTip!
Advisories are also available from the
GraphQL API