Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,425
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

4,023 advisories

Loading
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2022-30141 was published Jun 16, 2022
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-30145 was published Jun 16, 2022
Windows Fax Service Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-29115 was published May 11, 2022
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible... Critical Unreviewed
CVE-2024-1297 was published Feb 20, 2024
The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is... Moderate Unreviewed
CVE-2024-12238 was published Dec 29, 2024
An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2024-50715 was published Dec 27, 2024
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via... High Unreviewed
CVE-2024-54907 was published Dec 26, 2024
Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26)... Moderate Unreviewed
CVE-2024-12908 was published Dec 26, 2024
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script... Critical Unreviewed
CVE-2024-12652 was published Dec 26, 2024
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Duplicate Advisory: Gogs allows argument injection during the previewing of changes Critical
GHSA-hf29-9hfh-w63j was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system... High Unreviewed
CVE-2024-9154 was published Dec 19, 2024
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable... High Unreviewed
CVE-2024-11977 was published Dec 21, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
xAiluros
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or... High Unreviewed
CVE-2013-3163 was published May 14, 2022
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or... Critical Unreviewed
CVE-2014-6287 was published May 13, 2022
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code... High Unreviewed
CVE-2024-12729 was published Dec 19, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9... High Unreviewed
CVE-2009-1862 was published May 2, 2022
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for... High Unreviewed
CVE-2009-0557 was published May 2, 2022
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2024-11740 was published Dec 19, 2024
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS... High Unreviewed
CVE-2024-56051 was published Dec 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database