Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

24,090 advisories

Loading
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and... Critical Unreviewed
CVE-2024-12583 was published Jan 4, 2025
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32... Critical Unreviewed
CVE-2025-22376 was published Jan 4, 2025
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate... Critical Unreviewed
CVE-2024-55507 was published Jan 3, 2025
An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0... Critical Unreviewed
CVE-2024-55078 was published Jan 3, 2025
Moxa’s cellular routers, secure routers, and network security appliances are affected by a... Critical Unreviewed
CVE-2024-9140 was published Jan 3, 2025
In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to... Critical Unreviewed
CVE-2024-53842 was published Jan 3, 2025
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive... Critical Unreviewed
CVE-2025-22275 was published Jan 3, 2025
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability Critical
CVE-2024-56198 was published for path-sanitizer (npm) Jan 2, 2025
realArcherL
Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows... Critical Unreviewed
CVE-2024-56249 was published Jan 2, 2025
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a ... Critical Unreviewed
CVE-2024-56829 was published Jan 2, 2025
Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This... Critical Unreviewed
CVE-2024-56043 was published Dec 31, 2024
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue... Critical Unreviewed
CVE-2024-56045 was published Dec 31, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a... Critical Unreviewed
CVE-2024-56046 was published Dec 31, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows... Critical Unreviewed
CVE-2024-56044 was published Dec 31, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-56042 was published Dec 31, 2024
Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP allows Privilege Escalation... Critical Unreviewed
CVE-2024-56040 was published Dec 31, 2024
Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simple Dashboard allows... Critical Unreviewed
CVE-2024-56071 was published Dec 31, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows... Critical Unreviewed
CVE-2024-56064 was published Dec 31, 2024
Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This... Critical Unreviewed
CVE-2024-56066 was published Dec 31, 2024
Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation.This issue... Critical Unreviewed
CVE-2024-56205 was published Dec 31, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-56039 was published Dec 31, 2024
The Electronic Official Document Management System from 2100 Technology has an Authentication... Critical Unreviewed
CVE-2024-13061 was published Dec 31, 2024
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP... Critical Unreviewed
CVE-2024-12106 was published Dec 31, 2024
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp... Critical Unreviewed
CVE-2024-12108 was published Dec 31, 2024
Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows... Critical Unreviewed
CVE-2024-56220 was published Dec 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database