GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,927
Composer 4,272
Erlang 31
GitHub Actions 21
Go 2,047
Maven 5,232
npm 3,739
NuGet 668
pip 3,415
Pub 12
RubyGems 891
Rust 868
Swift 36

Unreviewed advisories

All unreviewed 238,407

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,908 advisories

Filter by severity

Sort by

Least recently updated

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed

CVE-2024-11349 was published Dec 21, 2024

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially... Critical Unreviewed

CVE-2024-28892 was published Dec 20, 2024

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A... Critical Unreviewed

CVE-2024-21855 was published Dec 20, 2024

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an... Critical Unreviewed

CVE-2024-51466 was published Dec 20, 2024

The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is... Critical Unreviewed

CVE-2024-12571 was published Dec 20, 2024

There is a command injection vulnerability in Huawei terminal printer product. Successful... Critical Unreviewed

CVE-2022-32203 was published Dec 20, 2024

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos... Critical Unreviewed

CVE-2024-12728 was published Dec 19, 2024

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall... Critical Unreviewed

CVE-2024-12727 was published Dec 19, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-10244 was published Dec 19, 2024

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all... Critical Unreviewed

CVE-2021-26102 was published Dec 19, 2024

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in... Critical Unreviewed

CVE-2024-12626 was published Dec 19, 2024

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android... Critical Unreviewed

CVE-2023-4617 was published Dec 19, 2024

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in... Critical Unreviewed

CVE-2024-11984 was published Dec 19, 2024

There is a possible UAF due to a logic error in the code. This could lead to local escalation of... Critical Unreviewed

CVE-2024-47040 was published Dec 18, 2024

In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due... Critical Unreviewed

CVE-2024-47038 was published Dec 18, 2024

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a... Critical Unreviewed

CVE-2024-47039 was published Dec 18, 2024

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege... Critical Unreviewed

CVE-2024-54383 was published Dec 18, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a... Critical Unreviewed

CVE-2024-56052 was published Dec 18, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a... Critical Unreviewed

CVE-2024-56054 was published Dec 18, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a... Critical Unreviewed

CVE-2024-56057 was published Dec 18, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a... Critical Unreviewed

CVE-2024-56050 was published Dec 18, 2024

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This... Critical Unreviewed

CVE-2024-12371 was published Dec 18, 2024

A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The... Critical Unreviewed

CVE-2024-12373 was published Dec 18, 2024

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell... Critical Unreviewed

CVE-2024-12372 was published Dec 18, 2024

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5... Critical Unreviewed

CVE-2023-34990 was published Dec 18, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,908 advisories