GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,326
Composer 4,132
Erlang 29
GitHub Actions 19
Go 1,937
Maven 5,133
npm 3,676
NuGet 642
pip 3,292
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,598

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,171 advisories

Filter by severity

Sort by

Least recently updated

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for... Critical Unreviewed

CVE-2024-9263 was published Oct 17, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated... Critical Unreviewed

CVE-2024-9464 was published Oct 9, 2024

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated... Critical Unreviewed

CVE-2024-9465 was published Oct 9, 2024

, aka 'Azure SDK for Java Security Feature Bypass Vulnerability'. Critical Unreviewed

CVE-2020-16971 was published May 24, 2022

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed

CVE-2024-9863 was published Oct 17, 2024

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary... Critical Unreviewed

CVE-2024-9862 was published Oct 17, 2024

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an... Critical Unreviewed

CVE-2024-10004 was published Oct 16, 2024

itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI... Critical Unreviewed

CVE-2024-48411 was published Oct 15, 2024

File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to... Critical Unreviewed

CVE-2024-48782 was published Oct 15, 2024

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte... Critical Unreviewed

CVE-2023-41360 was published Aug 29, 2023

Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead... Critical Unreviewed

CVE-2024-10018 was published Oct 16, 2024

Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before... Critical Unreviewed

CVE-2024-44730 was published Oct 11, 2024

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the... Critical Unreviewed

CVE-2024-46532 was published Oct 11, 2024

An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote... Critical Unreviewed

CVE-2024-48781 was published Oct 15, 2024

This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect... Critical Unreviewed

CVE-2024-47656 was published Oct 4, 2024

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112... Critical Unreviewed

CVE-2024-22074 was published Jun 6, 2024

Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat,... Critical Unreviewed

CVE-2024-48251 was published Oct 14, 2024

Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. Critical Unreviewed

CVE-2024-48255 was published Oct 14, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code... Critical Unreviewed

CVE-2024-49254 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments... Critical Unreviewed

CVE-2024-49216 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin –... Critical Unreviewed

CVE-2024-49260 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows... Critical Unreviewed

CVE-2024-49242 was published Oct 16, 2024

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all... Critical Unreviewed

CVE-2024-9893 was published Oct 16, 2024

: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza... Critical Unreviewed

CVE-2024-49247 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows... Critical Unreviewed

CVE-2024-49257 was published Oct 16, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,171 advisories