GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,266
Erlang: 31
GitHub Actions: 21
Go: 2,041
Maven: 5,000+
npm: 3,733
NuGet: 662
pip: 3,414
Pub: 12
RubyGems: 891
Rust: 866
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
93,734 advisories
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55984 was published Dec 18, 2024

The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL...
High | Unreviewed | CVE-2024-11912 was published Dec 18, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2024-54270 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-49677 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-51646 was published Dec 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55983 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-54350 was published Dec 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55985 was published Dec 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55975 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56016 was published Dec 18, 2024

Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality...
High | Unreviewed | CVE-2024-56008 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56010 was published Dec 18, 2024

Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0...
High | Unreviewed | CVE-2024-54457 was published Dec 18, 2024

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature....
High | Unreviewed | CVE-2024-11614 was published Dec 18, 2024

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
High | Unreviewed | CVE-2024-53688 was published Dec 18, 2024

Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE...
High | Unreviewed | CVE-2024-47397 was published Dec 18, 2024

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary...
High | Unreviewed | CVE-2024-39703 was published Dec 18, 2024

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
High | Unreviewed | CVE-2024-1610 was published Dec 18, 2024

Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due...
High | Unreviewed | CVE-2024-21547 was published Dec 18, 2024

Authorization bypass through user-controlled key vulnerability in streaming service in Synology...
High | Unreviewed | CVE-2024-4464 was published Dec 18, 2024

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover...
High | Unreviewed | CVE-2024-12432 was published Dec 18, 2024

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code...
High | Unreviewed | CVE-2024-21546 was published Dec 18, 2024

Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper...
High | Unreviewed | CVE-2024-21548 was published Dec 18, 2024

The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation...
High | Unreviewed | CVE-2024-12259 was published Dec 18, 2024

The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy'...
High | Unreviewed | CVE-2024-12025 was published Dec 18, 2024

ProTip! Advisories are also available from the GraphQL API.