Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,983 advisories

Loading
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&&... High Unreviewed
CVE-2024-37860 was published Dec 6, 2024
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2... High Unreviewed
CVE-2024-30961 was published Dec 6, 2024
Improper Input Validation vulnerability allows Remote Code Execution.  Affected products: ABB... Critical Unreviewed
CVE-2024-48839 was published Dec 5, 2024
Unauthorized Access vulnerabilities allow Remote Code Execution.  Affected products: ABB ASPECT... Critical Unreviewed
CVE-2024-48840 was published Dec 5, 2024
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2024-48453 was published Dec 4, 2024
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via... High Unreviewed
CVE-2024-10952 was published Dec 4, 2024
hull.js Code Injection Vulnerability Critical
GHSA-q849-wxrc-vqrp was published for hull.js (npm) Dec 2, 2024
mcoimbra filipeom
An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of... High Unreviewed
CVE-2024-53564 was published Dec 2, 2024
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization High
CVE-2024-36610 was published for symfony/var-dumper (Composer) Nov 29, 2024 withdrawn
jderusse
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the... Critical Unreviewed
CVE-2024-36622 was published Nov 29, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows... High Unreviewed
CVE-2024-11620 was published Nov 28, 2024
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is... Critical Unreviewed
CVE-2024-8672 was published Nov 28, 2024
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at... Critical Unreviewed
CVE-2024-53920 was published Nov 27, 2024
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID... Critical Unreviewed
CVE-2024-53604 was published Nov 27, 2024
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in... Critical Unreviewed
CVE-2024-52959 was published Nov 27, 2024
When handling keypress events, an attacker may have been able to trick a user into bypassing the ... High Unreviewed
CVE-2024-11697 was published Nov 26, 2024
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of... High Unreviewed
CVE-2024-11699 was published Nov 26, 2024
The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via... Moderate Unreviewed
CVE-2024-11002 was published Nov 26, 2024
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject... High Unreviewed
CVE-2024-52899 was published Nov 26, 2024
A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of... High Unreviewed
CVE-2024-53554 was published Nov 26, 2024
The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form... High Unreviewed
CVE-2024-11034 was published Nov 23, 2024
Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3... High Unreviewed
CVE-2021-38117 was published Nov 22, 2024
An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard... Critical Unreviewed
CVE-2024-51367 was published Nov 21, 2024
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm... Critical Unreviewed
CVE-2024-52765 was published Nov 20, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of... Critical Unreviewed
CVE-2024-10094 was published Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database