GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
484 advisories
Filter by severity
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID...
Critical
Unreviewed
CVE-2024-53604
was published
Nov 27, 2024
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is...
Critical
Unreviewed
CVE-2024-8672
was published
Nov 28, 2024
An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard...
Critical
Unreviewed
CVE-2024-51367
was published
Nov 21, 2024
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP...
Critical
Unreviewed
CVE-2024-44758
was published
Nov 15, 2024
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in...
Critical
Unreviewed
CVE-2024-52959
was published
Nov 27, 2024
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm...
Critical
Unreviewed
CVE-2024-52765
was published
Nov 20, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic...
Critical
Unreviewed
CVE-2024-52434
was published
Nov 18, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of...
Critical
Unreviewed
CVE-2024-10094
was published
Nov 20, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso...
Critical
Unreviewed
CVE-2024-52427
was published
Nov 18, 2024
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of...
Critical
Unreviewed
CVE-2024-50636
was published
Nov 12, 2024
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary...
Critical
Unreviewed
CVE-2023-29382
was published
Jul 6, 2023
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of...
Critical
Unreviewed
CVE-2024-50919
was published
Nov 18, 2024
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE...
Critical
Unreviewed
CVE-2022-21846
was published
Jan 12, 2022
The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for...
Critical
Unreviewed
CVE-2024-46962
was published
Nov 11, 2024
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business...
Critical
Unreviewed
CVE-2024-35314
was published
Oct 21, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics...
Critical
Unreviewed
CVE-2024-10035
was published
Nov 4, 2024
Script injection vulnerability in the email module.Successful exploitation of this vulnerability...
Critical
Unreviewed
CVE-2023-52381
was published
Feb 18, 2024
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical
Unreviewed
CVE-2024-48359
was published
Oct 31, 2024
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned...
Critical
Unreviewed
CVE-2024-51424
was published
Oct 30, 2024
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng...
Critical
Unreviewed
CVE-2024-51427
was published
Oct 30, 2024
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the...
Critical
Unreviewed
CVE-2023-38198
was published
Jul 13, 2023
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin...
Critical
Unreviewed
CVE-2024-48138
was published
Oct 30, 2024
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI)...
Critical
Unreviewed
CVE-2024-37846
was published
Oct 25, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Now...
Critical
Unreviewed
CVE-2024-8923
was published
Oct 29, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console...
Critical
Unreviewed
CVE-2024-50498
was published
Oct 28, 2024
ProTip!
Advisories are also available from the
GraphQL API