GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,069
Composer 4,318
Erlang 31
GitHub Actions 21
Go 2,077
Maven 5,250
npm 3,746
NuGet 674
pip 3,435
Pub 12
RubyGems 892
Rust 881
Swift 37

Unreviewed advisories

All unreviewed 241,224

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

21,122 advisories

Filter by severity

Sort by

Least recently updated

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2025-22785 was published Jan 15, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List... Critical Unreviewed

CVE-2025-22782 was published Jan 15, 2025

An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username... Critical Unreviewed

CVE-2021-44092 was published Jan 21, 2022

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper... Critical Unreviewed

CVE-2024-12084 was published Jan 15, 2025

Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable... Critical Unreviewed

CVE-2024-12297 was published Jan 15, 2025

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed

CVE-2024-9636 was published Jan 15, 2025

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading... Critical Unreviewed

CVE-2025-23061 was published Jan 15, 2025

File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was... Critical Unreviewed

CVE-2024-56828 was published Jan 6, 2025

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM... Critical Unreviewed

CVE-2021-27647 was published May 24, 2022

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager ... Critical Unreviewed

CVE-2021-27649 was published May 24, 2022

Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed

CVE-2021-43927 was published Feb 8, 2022

Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed

CVE-2021-43926 was published Feb 8, 2022

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager ... Critical Unreviewed

CVE-2020-27648 was published May 24, 2022

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM)... Critical Unreviewed

CVE-2021-27646 was published May 24, 2022

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to... Critical Unreviewed

CVE-2018-1160 was published May 13, 2022

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of... Critical Unreviewed

CVE-2017-14491 was published Apr 30, 2022

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an... Critical Unreviewed

CVE-2024-48856 was published Jan 14, 2025

Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed

CVE-2021-43925 was published Feb 8, 2022

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality... Critical Unreviewed

CVE-2024-39359 was published Jan 14, 2025

A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8... Critical Unreviewed

CVE-2024-39273 was published Jan 14, 2025

An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of... Critical Unreviewed

CVE-2024-37186 was published Jan 14, 2025

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of... Critical Unreviewed

CVE-2024-39357 was published Jan 14, 2025

A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink... Critical Unreviewed

CVE-2024-36272 was published Jan 14, 2025

An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink... Critical Unreviewed

CVE-2024-39360 was published Jan 14, 2025

A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink... Critical Unreviewed

CVE-2024-39294 was published Jan 14, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

21,122 advisories