GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,910 advisories
Filter by severity
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can...
Critical
Unreviewed
CVE-2024-40896
was published
Dec 23, 2024
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be...
Critical
Unreviewed
CVE-2024-46873
was published
Dec 23, 2024
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,...
Critical
Unreviewed
CVE-2024-11349
was published
Dec 21, 2024
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially...
Critical
Unreviewed
CVE-2024-28892
was published
Dec 20, 2024
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A...
Critical
Unreviewed
CVE-2024-21855
was published
Dec 20, 2024
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
is vulnerable to an...
Critical
Unreviewed
CVE-2024-51466
was published
Dec 20, 2024
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is...
Critical
Unreviewed
CVE-2024-12571
was published
Dec 20, 2024
There is a command injection vulnerability in Huawei terminal printer product. Successful...
Critical
Unreviewed
CVE-2022-32203
was published
Dec 20, 2024
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos...
Critical
Unreviewed
CVE-2024-12728
was published
Dec 19, 2024
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall...
Critical
Unreviewed
CVE-2024-12727
was published
Dec 19, 2024
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all...
Critical
Unreviewed
CVE-2021-26102
was published
Dec 19, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-10244
was published
Dec 19, 2024
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in...
Critical
Unreviewed
CVE-2024-12626
was published
Dec 19, 2024
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android...
Critical
Unreviewed
CVE-2023-4617
was published
Dec 19, 2024
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in...
Critical
Unreviewed
CVE-2024-11984
was published
Dec 19, 2024
There is a possible UAF due to a logic error in the code. This could lead to local escalation of...
Critical
Unreviewed
CVE-2024-47040
was published
Dec 18, 2024
In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due...
Critical
Unreviewed
CVE-2024-47038
was published
Dec 18, 2024
In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a...
Critical
Unreviewed
CVE-2024-47039
was published
Dec 18, 2024
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege...
Critical
Unreviewed
CVE-2024-54383
was published
Dec 18, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a...
Critical
Unreviewed
CVE-2024-56052
was published
Dec 18, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a...
Critical
Unreviewed
CVE-2024-56054
was published
Dec 18, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a...
Critical
Unreviewed
CVE-2024-56057
was published
Dec 18, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a...
Critical
Unreviewed
CVE-2024-56050
was published
Dec 18, 2024
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This...
Critical
Unreviewed
CVE-2024-12371
was published
Dec 18, 2024
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The...
Critical
Unreviewed
CVE-2024-12373
was published
Dec 18, 2024
ProTip!
Advisories are also available from the
GraphQL API