GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,913 advisories
Filter by severity
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-8950
was published
Dec 25, 2024
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to...
Critical
Unreviewed
CVE-2024-52046
was published
Dec 25, 2024
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all...
Critical
Unreviewed
CVE-2024-11281
was published
Dec 25, 2024
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build...
Critical
Unreviewed
CVE-2024-25255
was published
Nov 12, 2024
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can...
Critical
Unreviewed
CVE-2024-40896
was published
Dec 23, 2024
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be...
Critical
Unreviewed
CVE-2024-46873
was published
Dec 23, 2024
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,...
Critical
Unreviewed
CVE-2024-11349
was published
Dec 21, 2024
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project...
Critical
Unreviewed
CVE-2024-55496
was published
Dec 17, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache...
Critical
Unreviewed
CVE-2024-4577
was published
Jun 9, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical
Unreviewed
CVE-2023-7028
was published
Jan 12, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC...
Critical
Unreviewed
CVE-2023-34048
was published
Oct 25, 2023
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially...
Critical
Unreviewed
CVE-2024-28892
was published
Dec 20, 2024
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A...
Critical
Unreviewed
CVE-2024-21855
was published
Dec 20, 2024
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in...
Critical
Unreviewed
CVE-2024-11984
was published
Dec 19, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an...
Critical
Unreviewed
CVE-2024-40711
was published
Sep 7, 2024
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an...
Critical
Unreviewed
CVE-2024-55956
was published
Dec 13, 2024
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
is vulnerable to an...
Critical
Unreviewed
CVE-2024-51466
was published
Dec 20, 2024
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is...
Critical
Unreviewed
CVE-2024-12571
was published
Dec 20, 2024
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or...
Critical
Unreviewed
CVE-2014-6287
was published
May 13, 2022
There is a command injection vulnerability in Huawei terminal printer product. Successful...
Critical
Unreviewed
CVE-2022-32203
was published
Dec 20, 2024
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos...
Critical
Unreviewed
CVE-2024-12728
was published
Dec 19, 2024
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall...
Critical
Unreviewed
CVE-2024-12727
was published
Dec 19, 2024
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical
Unreviewed
CVE-2024-3845
was published
Apr 17, 2024
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical
Unreviewed
CVE-2024-3847
was published
Apr 17, 2024
ProTip!
Advisories are also available from the
GraphQL API