GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
501 advisories
Filter by severity
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script...
Critical
Unreviewed
CVE-2024-12652
was published
Dec 26, 2024
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell...
Critical
Unreviewed
CVE-2024-12372
was published
Dec 18, 2024
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5...
Critical
Unreviewed
CVE-2023-34990
was published
Dec 18, 2024
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in...
Critical
Unreviewed
CVE-2024-55085
was published
Dec 17, 2024
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()...
Critical
Unreviewed
CVE-2024-21577
was published
Dec 13, 2024
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in...
Critical
Unreviewed
CVE-2024-21576
was published
Dec 13, 2024
The issue stems from a missing validation of the pip field in a POST request sent to the ...
Critical
Unreviewed
CVE-2024-21574
was published
Dec 12, 2024
From the VSPC management agent machine, under condition that the management agent is authorized...
Critical
Unreviewed
CVE-2024-42448
was published
Dec 12, 2024
Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php...
Critical
Unreviewed
CVE-2022-38946
was published
Dec 9, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro...
Critical
Unreviewed
CVE-2024-51815
was published
Dec 6, 2024
Unauthorized Access vulnerabilities allow Remote Code Execution.
Affected products:
ABB ASPECT...
Critical
Unreviewed
CVE-2024-48840
was published
Dec 5, 2024
Improper Input Validation vulnerability allows Remote Code Execution.
Affected products:
ABB...
Critical
Unreviewed
CVE-2024-48839
was published
Dec 5, 2024
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the...
Critical
Unreviewed
CVE-2024-48453
was published
Dec 4, 2024
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the...
Critical
Unreviewed
CVE-2024-36622
was published
Nov 29, 2024
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is...
Critical
Unreviewed
CVE-2024-8672
was published
Nov 28, 2024
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at...
Critical
Unreviewed
CVE-2024-53920
was published
Nov 27, 2024
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID...
Critical
Unreviewed
CVE-2024-53604
was published
Nov 27, 2024
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in...
Critical
Unreviewed
CVE-2024-52959
was published
Nov 27, 2024
An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard...
Critical
Unreviewed
CVE-2024-51367
was published
Nov 21, 2024
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm...
Critical
Unreviewed
CVE-2024-52765
was published
Nov 20, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of...
Critical
Unreviewed
CVE-2024-10094
was published
Nov 20, 2024
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of...
Critical
Unreviewed
CVE-2024-50919
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic...
Critical
Unreviewed
CVE-2024-52434
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso...
Critical
Unreviewed
CVE-2024-52427
was published
Nov 18, 2024
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP...
Critical
Unreviewed
CVE-2024-44758
was published
Nov 15, 2024
ProTip!
Advisories are also available from the
GraphQL API