GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,908 advisories
Filter by severity
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,...
Critical
Unreviewed
CVE-2024-11349
was published
Dec 21, 2024
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project...
Critical
Unreviewed
CVE-2024-55496
was published
Dec 17, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache...
Critical
Unreviewed
CVE-2024-4577
was published
Jun 9, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical
Unreviewed
CVE-2023-7028
was published
Jan 12, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC...
Critical
Unreviewed
CVE-2023-34048
was published
Oct 25, 2023
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially...
Critical
Unreviewed
CVE-2024-28892
was published
Dec 20, 2024
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A...
Critical
Unreviewed
CVE-2024-21855
was published
Dec 20, 2024
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in...
Critical
Unreviewed
CVE-2024-11984
was published
Dec 19, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an...
Critical
Unreviewed
CVE-2024-40711
was published
Sep 7, 2024
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an...
Critical
Unreviewed
CVE-2024-55956
was published
Dec 13, 2024
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
is vulnerable to an...
Critical
Unreviewed
CVE-2024-51466
was published
Dec 20, 2024
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is...
Critical
Unreviewed
CVE-2024-12571
was published
Dec 20, 2024
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or...
Critical
Unreviewed
CVE-2014-6287
was published
May 13, 2022
There is a command injection vulnerability in Huawei terminal printer product. Successful...
Critical
Unreviewed
CVE-2022-32203
was published
Dec 20, 2024
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos...
Critical
Unreviewed
CVE-2024-12728
was published
Dec 19, 2024
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall...
Critical
Unreviewed
CVE-2024-12727
was published
Dec 19, 2024
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical
Unreviewed
CVE-2024-3845
was published
Apr 17, 2024
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical
Unreviewed
CVE-2024-3847
was published
Apr 17, 2024
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all...
Critical
Unreviewed
CVE-2021-26102
was published
Dec 19, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-10244
was published
Dec 19, 2024
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in...
Critical
Unreviewed
CVE-2024-12626
was published
Dec 19, 2024
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android...
Critical
Unreviewed
CVE-2023-4617
was published
Dec 19, 2024
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell...
Critical
Unreviewed
CVE-2018-14933
was published
May 13, 2022
In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to
an unusual root...
Critical
Unreviewed
CVE-2018-9416
was published
Dec 5, 2024
ProTip!
Advisories are also available from the
GraphQL API