GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,300
Erlang: 31
GitHub Actions: 21
Go: 2,069
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,429
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
21,006 advisories
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up...
Critical | Unreviewed | CVE-2024-10215 was published Jan 9, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-22540 was published Jan 9, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-22542 was published Jan 9, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms...
Critical | Unreviewed | CVE-2025-22504 was published Jan 9, 2025

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite...
Critical | Unreviewed | CVE-2024-11642 was published Jan 9, 2025

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling...
Critical | Unreviewed | CVE-2024-12802 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43650 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43651 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43655 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43652 was published Jan 9, 2025

Authenticated command injection in the filename of a <redacted>.exe request leads to remote code...
Critical | Unreviewed | CVE-2024-43649 was published Jan 9, 2025

A post-authentication format string vulnerability in SonicOS management allows a remote attacker...
Critical | Unreviewed | CVE-2024-12805 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43657 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43656 was published Jan 9, 2025

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker...
Critical | Unreviewed | CVE-2024-40765 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43653 was published Jan 9, 2025

A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a...
Critical | Unreviewed | CVE-2024-12803 was published Jan 9, 2025

Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code...
Critical | Unreviewed | CVE-2024-43648 was published Jan 9, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability...
Critical | Unreviewed | CVE-2024-43654 was published Jan 9, 2025

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN...
Critical | Unreviewed | CVE-2024-40762 was published Jan 9, 2025

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote...
Critical | Unreviewed | CVE-2024-53704 was published Jan 9, 2025

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy...
Critical | Unreviewed | CVE-2025-0282 was published Jan 9, 2025

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2024-11350 was published Jan 8, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary...
Critical | Unreviewed | CVE-2024-11613 was published Jan 8, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all...
Critical | Unreviewed | CVE-2024-11635 was published Jan 8, 2025
ProTip! Advisories are also available from the GraphQL API.