GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,912 advisories
Filter by severity
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all...
Critical
Unreviewed
CVE-2024-11015
was published
Dec 12, 2024
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2,...
Critical
Unreviewed
CVE-2024-54534
was published
Dec 12, 2024
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia...
Critical
Unreviewed
CVE-2024-54465
was published
Dec 12, 2024
This issue was addressed by using HTTPS when sending information over the network. This issue is...
Critical
Unreviewed
CVE-2024-54492
was published
Dec 12, 2024
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in...
Critical
Unreviewed
CVE-2024-54506
was published
Dec 12, 2024
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS...
Critical
Unreviewed
CVE-2024-44242
was published
Dec 12, 2024
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-49112
was published
Dec 12, 2024
In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the...
Critical
Unreviewed
CVE-2024-55884
was published
Dec 12, 2024
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS...
Critical
Unreviewed
CVE-2024-44241
was published
Dec 12, 2024
From the VSPC management agent machine, under condition that the management agent is authorized...
Critical
Unreviewed
CVE-2024-42448
was published
Dec 12, 2024
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote...
Critical
Unreviewed
CVE-2024-11948
was published
Dec 12, 2024
CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and...
Critical
Unreviewed
CVE-2024-11737
was published
Dec 11, 2024
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could...
Critical
Unreviewed
CVE-2024-11053
was published
Dec 11, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting ...
Critical
Unreviewed
CVE-2024-54032
was published
Dec 10, 2024
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php`...
Critical
Unreviewed
CVE-2024-53480
was published
Dec 10, 2024
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication...
Critical
Unreviewed
CVE-2024-46442
was published
Dec 10, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure...
Critical
Unreviewed
CVE-2024-11634
was published
Dec 10, 2024
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote...
Critical
Unreviewed
CVE-2024-11773
was published
Dec 10, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated...
Critical
Unreviewed
CVE-2024-11633
was published
Dec 10, 2024
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote...
Critical
Unreviewed
CVE-2024-11639
was published
Dec 10, 2024
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote...
Critical
Unreviewed
CVE-2024-11772
was published
Dec 10, 2024
An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build...
Critical
Unreviewed
CVE-2024-45494
was published
Dec 10, 2024
An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build...
Critical
Unreviewed
CVE-2024-45493
was published
Dec 10, 2024
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using...
Critical
Unreviewed
CVE-2024-12286
was published
Dec 10, 2024
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP...
Critical
Unreviewed
CVE-2024-55547
was published
Dec 10, 2024
ProTip!
Advisories are also available from the
GraphQL API