GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,018
Composer 4,300
Erlang 31
GitHub Actions 21
Go 2,069
Maven 5,241
npm 3,744
NuGet 668
pip 3,429
Pub 12
RubyGems 892
Rust 880
Swift 36

Unreviewed advisories

All unreviewed 240,346

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

509 advisories

Filter by severity

Sort by

Least recently updated

File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2024-50660 was published Jan 7, 2025

Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to... Critical Unreviewed

CVE-2024-50658 was published Jan 7, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all... Critical Unreviewed

CVE-2024-11635 was published Jan 8, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary... Critical Unreviewed

CVE-2024-11613 was published Jan 8, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders WP... Critical Unreviewed

CVE-2024-56278 was published Jan 7, 2025

The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing... Critical Unreviewed

CVE-2024-12252 was published Jan 7, 2025

Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. Critical Unreviewed

CVE-2024-55529 was published Jan 6, 2025

The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed

CVE-2023-29404 was published Jun 8, 2023

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1... Critical Unreviewed

CVE-2023-35034 was published Jun 12, 2023

D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing... Critical Unreviewed

CVE-2019-10891 was published May 24, 2022

Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible... Critical Unreviewed

CVE-2024-1297 was published Feb 20, 2024

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script... Critical Unreviewed

CVE-2024-12652 was published Dec 26, 2024

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or... Critical Unreviewed

CVE-2014-6287 was published May 13, 2022

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell... Critical Unreviewed

CVE-2024-12372 was published Dec 18, 2024

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5... Critical Unreviewed

CVE-2023-34990 was published Dec 18, 2024

Multiple Sitecore products allow remote code execution. This affects Experience Manager,... Critical Unreviewed

CVE-2023-35813 was published Jun 18, 2023

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in... Critical Unreviewed

CVE-2024-55085 was published Dec 17, 2024

The go command may generate unexpected code at build time when using cgo. This may result in... Critical Unreviewed

CVE-2023-29402 was published Jun 8, 2023

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in... Critical Unreviewed

CVE-2024-21576 was published Dec 13, 2024

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()... Critical Unreviewed

CVE-2024-21577 was published Dec 13, 2024

From the VSPC management agent machine, under condition that the management agent is authorized... Critical Unreviewed

CVE-2024-42448 was published Dec 12, 2024

The issue stems from a missing validation of the pip field in a POST request sent to the ... Critical Unreviewed

CVE-2024-21574 was published Dec 12, 2024

An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the... Critical Unreviewed

CVE-2024-48453 was published Dec 4, 2024

Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php... Critical Unreviewed

CVE-2022-38946 was published Dec 9, 2024

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able... Critical Unreviewed

CVE-2023-35853 was published Jun 19, 2023

Previous 1 2 3 4 5 … 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

509 advisories