GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,562
Composer 4,198
Erlang 31
GitHub Actions 19
Go 1,986
Maven 5,163
npm 3,702
NuGet 660
pip 3,328
Pub 11
RubyGems 883
Rust 843
Swift 36

Unreviewed advisories

All unreviewed 233,914

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,468 advisories

Filter by severity

Sort by

Least recently updated

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due... Critical Unreviewed

CVE-2024-11150 was published Nov 13, 2024

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed

CVE-2024-10820 was published Nov 13, 2024

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when... Critical Unreviewed

CVE-2024-10575 was published Nov 13, 2024

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability... Critical Unreviewed

CVE-2024-8938 was published Nov 13, 2024

Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy... Critical Unreviewed

CVE-2024-39710 was published Nov 13, 2024

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed

CVE-2024-39711 was published Nov 13, 2024

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed

CVE-2024-38655 was published Nov 13, 2024

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed

CVE-2024-39712 was published Nov 13, 2024

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti... Critical Unreviewed

CVE-2024-38656 was published Nov 13, 2024

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed

CVE-2023-4699 was published Nov 6, 2023

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed

CVE-2024-10218 was published Nov 12, 2024

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed

CVE-2024-10217 was published Nov 12, 2024

Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data... Critical Unreviewed

CVE-2024-8074 was published Nov 12, 2024

A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage... Critical Unreviewed

CVE-2024-50989 was published Nov 11, 2024

vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src... Critical Unreviewed

CVE-2024-35426 was published Nov 9, 2024

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm... Critical Unreviewed

CVE-2024-50667 was published Nov 11, 2024

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer... Critical Unreviewed

CVE-2024-52533 was published Nov 12, 2024

Azure CycleCloud Remote Code Execution Vulnerability Critical Unreviewed

CVE-2024-43602 was published Nov 12, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6... Critical Unreviewed

CVE-2024-50330 was published Nov 12, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed

CVE-2024-11005 was published Nov 12, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed

CVE-2024-11006 was published Nov 12, 2024

An authentication bypass vulnerability exists in the affected product. The vulnerability exists... Critical Unreviewed

CVE-2024-10943 was published Nov 12, 2024

Windows Kerberos Remote Code Execution Vulnerability Critical Unreviewed

CVE-2024-43639 was published Nov 12, 2024

Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed

CVE-2024-11007 was published Nov 12, 2024

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for... Critical Unreviewed

CVE-2024-46962 was published Nov 11, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,468 advisories