GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,990
Composer 4,293
Erlang 31
GitHub Actions 21
Go 2,061
Maven 5,239
npm 3,744
NuGet 668
pip 3,423
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,508

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,954 advisories

Filter by severity

Sort by

Least recently updated

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows... Critical Unreviewed

CVE-2024-12828 was published Dec 30, 2024

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API... Critical Unreviewed

CVE-2024-10044 was published Dec 30, 2024

Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS... Critical Unreviewed

CVE-2024-47919 was published Dec 30, 2024

Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL... Critical Unreviewed

CVE-2024-47926 was published Dec 30, 2024

SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2024-50717 was published Dec 27, 2024

SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2024-50716 was published Dec 27, 2024

SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at... Critical Unreviewed

CVE-2024-50713 was published Dec 27, 2024

Integer overflow vulnerability exists in SimplCommerce at commit... Critical Unreviewed

CVE-2024-50944 was published Dec 27, 2024

An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is... Critical Unreviewed

CVE-2024-54450 was published Dec 27, 2024

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script... Critical Unreviewed

CVE-2024-12652 was published Dec 26, 2024

oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid... Critical Unreviewed

CVE-2024-56431 was published Dec 25, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-8950 was published Dec 25, 2024

The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all... Critical Unreviewed

CVE-2024-11281 was published Dec 25, 2024

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can... Critical Unreviewed

CVE-2024-40896 was published Dec 23, 2024

Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be... Critical Unreviewed

CVE-2024-46873 was published Dec 23, 2024

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed

CVE-2024-11349 was published Dec 21, 2024

SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote... Critical Unreviewed

CVE-2024-55509 was published Dec 20, 2024

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A... Critical Unreviewed

CVE-2024-21855 was published Dec 20, 2024

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an... Critical Unreviewed

CVE-2024-51466 was published Dec 20, 2024

The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is... Critical Unreviewed

CVE-2024-12571 was published Dec 20, 2024

There is a command injection vulnerability in Huawei terminal printer product. Successful... Critical Unreviewed

CVE-2022-32203 was published Dec 20, 2024

An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted... Critical Unreviewed

CVE-2024-54984 was published Dec 20, 2024

An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass... Critical Unreviewed

CVE-2024-54982 was published Dec 20, 2024

An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a... Critical Unreviewed

CVE-2024-54983 was published Dec 20, 2024

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos... Critical Unreviewed

CVE-2024-12728 was published Dec 19, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,954 advisories