GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,272
Erlang: 31
GitHub Actions: 21
Go: 2,047
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,415
Pub: 12
RubyGems: 891
Rust: 868
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
101,304 advisories
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object...
High
Unreviewed
CVE-2024-12721 was published Dec 21, 2024
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross...
High
Unreviewed
CVE-2024-12771 was published Dec 21, 2024
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to...
High
Unreviewed
CVE-2024-12066 was published Dec 21, 2024
The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2024-11977 was published Dec 21, 2024
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned...
High
Unreviewed
CVE-2024-49202 was published Dec 18, 2024
The AirVantage platform is vulnerable to an unauthorized attacker registering previously...
High
Unreviewed
CVE-2023-31279 was published Dec 21, 2024
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin...
High
Unreviewed
CVE-2024-55088 was published Dec 18, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
High
CVE-2024-56329 was published for joelbutcher/socialstream (Composer) Dec 20, 2024
If the attacker has access to a valid Poweruser session, remote code execution is possible...
High
Unreviewed
CVE-2024-47946 was published Dec 10, 2024
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows...
High
Unreviewed
CVE-2024-37758 was published Dec 20, 2024
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6...
High
Unreviewed
CVE-2024-12867 was published Dec 20, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-56337 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 20, 2024
Oqtane Framework Incorrect Access Control vulnerability
High
CVE-2024-55470 was published for Oqtane.Framework (NuGet) Dec 20, 2024
Browsershot Improper Input Validation vulnerability
High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-44211 was published Dec 20, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia...
High
Unreviewed
CVE-2024-44231 was published Dec 20, 2024
There is an insufficient input verification vulnerability in Huawei product. Successful...
High
Unreviewed
CVE-2022-32144 was published Dec 20, 2024
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat...
High
Unreviewed
CVE-2024-12672 was published Dec 19, 2024
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol...
High
Unreviewed
CVE-2023-7005 was published Dec 19, 2024
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1....
High
Unreviewed
CVE-2024-44195 was published Dec 20, 2024
A denial-of-service issue was addressed with improved input validation. This issue is fixed in...
High
Unreviewed
CVE-2024-54538 was published Dec 20, 2024
In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and...
High
Unreviewed
CVE-2024-26793 was published Apr 4, 2024
Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-11576 was published Nov 22, 2024
ProTip! Advisories are also available from the GraphQL API.