GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,904
Maven: 5,000+
npm: 3,635
NuGet: 638
pip: 3,253
Pub: 10
RubyGems: 867
Rust: 819
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,011 advisories

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM...
Critical | Unreviewed | CVE-2024-31570 was published Sep 19, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2024-4657 was published Sep 25, 2024

Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)...
Critical | Unreviewed | CVE-2022-21445 was published Apr 20, 2022

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard...
Critical | Unreviewed | CVE-2024-6592 was published Sep 25, 2024

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On...
Critical | Unreviewed | CVE-2024-6593 was published Sep 25, 2024

The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order'...
Critical | Unreviewed | CVE-2024-8275 was published Sep 25, 2024

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id...
Critical | Unreviewed | CVE-2024-7385 was published Sep 25, 2024

The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object...
Critical | Unreviewed | CVE-2024-8514 was published Sep 25, 2024

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL...
Critical | Unreviewed | CVE-2024-8436 was published Sep 25, 2024

External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource...
Critical | Unreviewed | CVE-2024-9142 was published Sep 25, 2024

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component...
Critical | Unreviewed | CVE-2023-44171 was published Sep 27, 2023

In wlan service, there is a possible out of bounds write due to improper input validation. This...
Critical | Unreviewed | CVE-2024-20017 was published Mar 4, 2024

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI)...
Critical | Unreviewed | CVE-2023-37069 was published Aug 10, 2023

The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability...
Critical | Unreviewed | CVE-2023-41294 was published Sep 25, 2023

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr...
Critical | Unreviewed | CVE-2023-43238 was published Sep 21, 2023

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the...
Critical | Unreviewed | CVE-2023-43203 was published Sep 20, 2023

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in...
Critical | Unreviewed | CVE-2023-43239 was published Sep 21, 2023

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges...
Critical | Unreviewed | CVE-2023-43457 was published Sep 25, 2023

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter...
Critical | Unreviewed | CVE-2023-43242 was published Sep 21, 2023

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via...
Critical | Unreviewed | CVE-2024-8485 was published Sep 25, 2024

The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word'...
Critical | Unreviewed | CVE-2024-8621 was published Sep 25, 2024

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary...
Critical | Unreviewed | CVE-2023-26686 was published Sep 25, 2024

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user...
Critical | Unreviewed | CVE-2023-26689 was published Sep 25, 2024

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a...
Critical | Unreviewed | CVE-2024-45066 was published Sep 25, 2024

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input...
Critical | Unreviewed | CVE-2024-9148 was published Sep 25, 2024

ProTip! Advisories are also available from the GraphQL API.