GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
92,347 advisories
Filter by severity
In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in...
High
Unreviewed
CVE-2024-23715
was published
Nov 13, 2024
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the...
High
Unreviewed
CVE-2024-11075
was published
Nov 19, 2024
Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT...
High
Unreviewed
CVE-2024-10204
was published
Nov 19, 2024
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By...
High
Unreviewed
CVE-2021-25965
was published
May 24, 2022
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'...
High
Unreviewed
CVE-2020-12627
was published
May 24, 2022
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is...
High
Unreviewed
CVE-2024-11194
was published
Nov 19, 2024
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7...
High
Unreviewed
CVE-2024-11038
was published
Nov 19, 2024
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in...
High
Unreviewed
CVE-2024-11036
was published
Nov 19, 2024
The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High
Unreviewed
CVE-2024-10388
was published
Nov 19, 2024
Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation...
High
Unreviewed
CVE-2024-8403
was published
Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-52417
was published
Nov 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-52418
was published
Nov 19, 2024
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component:...
High
Unreviewed
CVE-2024-21287
was published
Nov 19, 2024
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Add a check...
High
Unreviewed
CVE-2024-50209
was published
Nov 8, 2024
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized...
High
Unreviewed
CVE-2021-27700
was published
Nov 13, 2024
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows...
High
Unreviewed
CVE-2024-42676
was published
Aug 15, 2024
In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.
High
Unreviewed
CVE-2024-52872
was published
Nov 17, 2024
In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.
High
Unreviewed
CVE-2024-52871
was published
Nov 17, 2024
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory...
High
Unreviewed
CVE-2024-52915
was published
Nov 18, 2024
Deserialization of Untrusted Data vulnerability in Apache HertzBeat.
This vulnerability can only...
High
Unreviewed
CVE-2024-41151
was published
Nov 18, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
...
High
Unreviewed
CVE-2024-45791
was published
Nov 18, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
High
Unreviewed
CVE-2024-45505
was published
Nov 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2024-3370
was published
Nov 18, 2024
Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.
High
Unreviewed
CVE-2024-52926
was published
Nov 18, 2024
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a...
High
Unreviewed
CVE-2024-52914
was published
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API