GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
478 advisories
Filter by severity
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of...
Critical
Unreviewed
CVE-2024-10094
was published
Nov 20, 2024
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of...
Critical
Unreviewed
CVE-2024-50919
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso...
Critical
Unreviewed
CVE-2024-52427
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic...
Critical
Unreviewed
CVE-2024-52434
was published
Nov 18, 2024
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of...
Critical
Unreviewed
CVE-2024-50636
was published
Nov 12, 2024
The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for...
Critical
Unreviewed
CVE-2024-46962
was published
Nov 11, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics...
Critical
Unreviewed
CVE-2024-10035
was published
Nov 4, 2024
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical
Unreviewed
CVE-2024-48359
was published
Oct 31, 2024
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng...
Critical
Unreviewed
CVE-2024-51427
was published
Oct 30, 2024
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned...
Critical
Unreviewed
CVE-2024-51424
was published
Oct 30, 2024
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin...
Critical
Unreviewed
CVE-2024-48138
was published
Oct 30, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Now...
Critical
Unreviewed
CVE-2024-8923
was published
Oct 29, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console...
Critical
Unreviewed
CVE-2024-50498
was published
Oct 28, 2024
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI)...
Critical
Unreviewed
CVE-2024-37846
was published
Oct 25, 2024
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a...
Critical
Unreviewed
CVE-2024-48579
was published
Oct 25, 2024
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48581
was published
Oct 25, 2024
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote...
Critical
Unreviewed
CVE-2024-48204
was published
Oct 25, 2024
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business...
Critical
Unreviewed
CVE-2024-35314
was published
Oct 21, 2024
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an...
Critical
Unreviewed
CVE-2024-35285
was published
Oct 21, 2024
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.
Critical
Unreviewed
CVE-2023-26785
was published
Oct 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code...
Critical
Unreviewed
CVE-2024-49254
was published
Oct 16, 2024
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link...
Critical
Unreviewed
CVE-2024-48168
was published
Oct 14, 2024
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code ...
Critical
Unreviewed
CVE-2024-45874
was published
Oct 8, 2024
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary...
Critical
Unreviewed
CVE-2024-45873
was published
Oct 8, 2024
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code...
Critical
Unreviewed
CVE-2024-46076
was published
Oct 7, 2024
ProTip!
Advisories are also available from the
GraphQL API