GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,117
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,905
Maven 5,105
npm 3,635
NuGet 638
pip 3,253
Pub 10
RubyGems 867
Rust 819
Swift 35

Unreviewed advisories

All unreviewed 228,685

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,010 advisories

Filter by severity

Sort by

Least recently updated

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM... Critical Unreviewed

CVE-2024-31570 was published Sep 19, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed

CVE-2024-4657 was published Sep 25, 2024

Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)... Critical Unreviewed

CVE-2022-21445 was published Apr 20, 2022

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On... Critical Unreviewed

CVE-2024-6593 was published Sep 25, 2024

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard... Critical Unreviewed

CVE-2024-6592 was published Sep 25, 2024

The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order'... Critical Unreviewed

CVE-2024-8275 was published Sep 25, 2024

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id... Critical Unreviewed

CVE-2024-7385 was published Sep 25, 2024

The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object... Critical Unreviewed

CVE-2024-8514 was published Sep 25, 2024

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL... Critical Unreviewed

CVE-2024-8436 was published Sep 25, 2024

External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource... Critical Unreviewed

CVE-2024-9142 was published Sep 25, 2024

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component... Critical Unreviewed

CVE-2023-44171 was published Sep 27, 2023

In wlan service, there is a possible out of bounds write due to improper input validation. This... Critical Unreviewed

CVE-2024-20017 was published Mar 4, 2024

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the... Critical Unreviewed

CVE-2023-43203 was published Sep 20, 2023

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in... Critical Unreviewed

CVE-2023-43239 was published Sep 21, 2023

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges... Critical Unreviewed

CVE-2023-43457 was published Sep 25, 2023

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter... Critical Unreviewed

CVE-2023-43242 was published Sep 21, 2023

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI)... Critical Unreviewed

CVE-2023-37069 was published Aug 10, 2023

The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability... Critical Unreviewed

CVE-2023-41294 was published Sep 25, 2023

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr... Critical Unreviewed

CVE-2023-43238 was published Sep 21, 2023

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed

CVE-2024-8485 was published Sep 25, 2024

The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word'... Critical Unreviewed

CVE-2024-8621 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed

CVE-2024-42505 was published Sep 25, 2024

An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full... Critical Unreviewed

CVE-2024-43692 was published Sep 25, 2024

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated... Critical Unreviewed

CVE-2024-42506 was published Sep 25, 2024

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user... Critical Unreviewed

CVE-2024-43423 was published Sep 25, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,010 advisories