Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,757
NuGet
678
pip
3,444
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

24,367 advisories

Loading
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An... Critical Unreviewed
CVE-2024-52329 was published Jan 23, 2025
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated... Critical Unreviewed
CVE-2024-52330 was published Jan 23, 2025
It has been found that the Beta10 software does not provide for proper authorisation control in... Critical Unreviewed
CVE-2025-0637 was published Jan 23, 2025
Pre-authentication deserialization of untrusted data vulnerability has been identified in the... Critical Unreviewed
CVE-2025-23006 was published Jan 23, 2025
An issue was identified in Fleet Server where Fleet policies that could contain sensitive... Critical Unreviewed
CVE-2024-52975 was published Jan 23, 2025
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated... Critical Unreviewed
CVE-2025-20156 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows... Critical Unreviewed
CVE-2025-23914 was published Jan 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser... Critical Unreviewed
CVE-2025-23918 was published Jan 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for... Critical Unreviewed
CVE-2025-23921 was published Jan 22, 2025
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection.... Critical Unreviewed
CVE-2025-23932 was published Jan 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files... Critical Unreviewed
CVE-2025-23953 was published Jan 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-23931 was published Jan 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows... Critical Unreviewed
CVE-2025-23942 was published Jan 22, 2025
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed
CVE-2024-12857 was published Jan 22, 2025
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a... Critical Unreviewed
CVE-2024-49747 was published Jan 22, 2025
In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due... Critical Unreviewed
CVE-2024-49748 was published Jan 22, 2025
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due... Critical Unreviewed
CVE-2024-13091 was published Jan 22, 2025
A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit... Critical Unreviewed
CVE-2024-24421 was published Jan 22, 2025
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2023-27112 was published Jan 22, 2025
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2023-27113 was published Jan 22, 2025
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications ... Critical Unreviewed
CVE-2025-21547 was published Jan 21, 2025
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile... Critical Unreviewed
CVE-2025-21556 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Critical Unreviewed
CVE-2025-21524 was published Jan 21, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Critical Unreviewed
CVE-2025-21535 was published Jan 21, 2025
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. Critical Unreviewed
CVE-2024-55959 was published Jan 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database