GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
92,347 advisories
In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in...
High | Unreviewed | CVE-2024-23715 was published Nov 13, 2024

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the...
High | Unreviewed | CVE-2024-11075 was published Nov 19, 2024

Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT...
High | Unreviewed | CVE-2024-10204 was published Nov 19, 2024

In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By...
High | Unreviewed | CVE-2021-25965 was published May 24, 2022

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'...
High | Unreviewed | CVE-2020-12627 was published May 24, 2022

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is...
High | Unreviewed | CVE-2024-11194 was published Nov 19, 2024

The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7...
High | Unreviewed | CVE-2024-11038 was published Nov 19, 2024

The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in...
High | Unreviewed | CVE-2024-11036 was published Nov 19, 2024

The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High | Unreviewed | CVE-2024-10388 was published Nov 19, 2024

Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation...
High | Unreviewed | CVE-2024-8403 was published Nov 19, 2024

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component:...
High | Unreviewed | CVE-2024-21287 was published Nov 19, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-52417 was published Nov 19, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-52418 was published Nov 19, 2024

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check...
High | Unreviewed | CVE-2024-50209 was published Nov 8, 2024

SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized...
High | Unreviewed | CVE-2021-27700 was published Nov 13, 2024

File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows...
High | Unreviewed | CVE-2024-42676 was published Aug 15, 2024

In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.
High | Unreviewed | CVE-2024-52871 was published Nov 17, 2024

In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.
High | Unreviewed | CVE-2024-52872 was published Nov 17, 2024

Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only...
High | Unreviewed | CVE-2024-41151 was published Nov 18, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. ...
High | Unreviewed | CVE-2024-45791 was published Nov 18, 2024

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
High | Unreviewed | CVE-2024-45505 was published Nov 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-3370 was published Nov 18, 2024

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory...
High | Unreviewed | CVE-2024-52915 was published Nov 18, 2024

Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application...
High | Unreviewed | CVE-2024-52876 was published Nov 17, 2024

AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes...
High | Unreviewed | CVE-2024-52940 was published Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API.