Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

93,837 advisories

Loading
An OS command injection vulnerability exists in the web interface configuration upload... High Unreviewed
CVE-2024-21786 was published Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-51646 was published Dec 18, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2024-54270 was published Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-54350 was published Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-56016 was published Dec 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-55984 was published Dec 18, 2024
Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality... High Unreviewed
CVE-2024-56008 was published Dec 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-55985 was published Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-56010 was published Dec 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-55975 was published Dec 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-55983 was published Dec 18, 2024
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL... High Unreviewed
CVE-2024-11912 was published Dec 18, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-49677 was published Dec 18, 2024
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. High Unreviewed
CVE-2024-1610 was published Dec 18, 2024
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature.... High Unreviewed
CVE-2024-11614 was published Dec 18, 2024
In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary... High Unreviewed
CVE-2024-39703 was published Dec 18, 2024
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE... High Unreviewed
CVE-2024-47397 was published Dec 18, 2024
Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0... High Unreviewed
CVE-2024-54457 was published Dec 18, 2024
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue... High Unreviewed
CVE-2024-53688 was published Dec 18, 2024
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and... High Unreviewed
CVE-2024-56174 was published Dec 18, 2024
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation... High Unreviewed
CVE-2024-12259 was published Dec 18, 2024
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover... High Unreviewed
CVE-2024-12432 was published Dec 18, 2024
Authorization bypass through user-controlled key vulnerability in streaming service in Synology... High Unreviewed
CVE-2024-4464 was published Dec 18, 2024
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy'... High Unreviewed
CVE-2024-12025 was published Dec 18, 2024
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution... High Unreviewed
CVE-2024-47480 was published Dec 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database