GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,905
Maven
5,000+
npm
3,635
NuGet
638
pip
3,253
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,010 advisories
Filter by severity
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM...
Critical
Unreviewed
CVE-2024-31570
was published
Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-4657
was published
Sep 25, 2024
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)...
Critical
Unreviewed
CVE-2022-21445
was published
Apr 20, 2022
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On...
Critical
Unreviewed
CVE-2024-6593
was published
Sep 25, 2024
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard...
Critical
Unreviewed
CVE-2024-6592
was published
Sep 25, 2024
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order'...
Critical
Unreviewed
CVE-2024-8275
was published
Sep 25, 2024
The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id...
Critical
Unreviewed
CVE-2024-7385
was published
Sep 25, 2024
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object...
Critical
Unreviewed
CVE-2024-8514
was published
Sep 25, 2024
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-8436
was published
Sep 25, 2024
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource...
Critical
Unreviewed
CVE-2024-9142
was published
Sep 25, 2024
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component...
Critical
Unreviewed
CVE-2023-44171
was published
Sep 27, 2023
In wlan service, there is a possible out of bounds write due to improper input validation. This...
Critical
Unreviewed
CVE-2024-20017
was published
Mar 4, 2024
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the...
Critical
Unreviewed
CVE-2023-43203
was published
Sep 20, 2023
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in...
Critical
Unreviewed
CVE-2023-43239
was published
Sep 21, 2023
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges...
Critical
Unreviewed
CVE-2023-43457
was published
Sep 25, 2023
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter...
Critical
Unreviewed
CVE-2023-43242
was published
Sep 21, 2023
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI)...
Critical
Unreviewed
CVE-2023-37069
was published
Aug 10, 2023
The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability...
Critical
Unreviewed
CVE-2023-41294
was published
Sep 25, 2023
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr...
Critical
Unreviewed
CVE-2023-43238
was published
Sep 21, 2023
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via...
Critical
Unreviewed
CVE-2024-8485
was published
Sep 25, 2024
The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word'...
Critical
Unreviewed
CVE-2024-8621
was published
Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-42505
was published
Sep 25, 2024
An attacker can directly request the ProGauge MAGLINK LX CONSOLE
resource sub page with full...
Critical
Unreviewed
CVE-2024-43692
was published
Sep 25, 2024
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical
Unreviewed
CVE-2024-42506
was published
Sep 25, 2024
The web application for ProGauge MAGLINK LX4 CONSOLE contains an
administrative-level user...
Critical
Unreviewed
CVE-2024-43423
was published
Sep 25, 2024
ProTip!
Advisories are also available from the
GraphQL API