Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

101,354 advisories

Loading
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key... High Unreviewed
CVE-2024-26961 was published May 1, 2024
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race... High Unreviewed
CVE-2024-26974 was published May 1, 2024
In the Linux kernel, the following vulnerability has been resolved: bootconfig: use... High Unreviewed
CVE-2024-26983 was published May 1, 2024
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. High Unreviewed
CVE-2021-44207 was published Dec 22, 2021
Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A... High Unreviewed
CVE-2024-12903 was published Dec 23, 2024
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine.... High Unreviewed
CVE-2024-12902 was published Dec 23, 2024
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the... High Unreviewed
CVE-2024-54082 was published Dec 23, 2024
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection... High Unreviewed
CVE-2024-45721 was published Dec 23, 2024
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system... High Unreviewed
CVE-2024-9154 was published Dec 19, 2024
Laravel environment manipulation via query string High
CVE-2024-52301 was published for laravel/framework (Composer) Nov 12, 2024
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to... High Unreviewed
CVE-2024-12066 was published Dec 21, 2024
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross... High Unreviewed
CVE-2024-12771 was published Dec 21, 2024
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-12721 was published Dec 21, 2024
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable... High Unreviewed
CVE-2024-11977 was published Dec 21, 2024
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned... High Unreviewed
CVE-2024-49202 was published Dec 18, 2024
The AirVantage platform is vulnerable to an unauthorized attacker registering previously... High Unreviewed
CVE-2023-31279 was published Dec 21, 2024
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin... High Unreviewed
CVE-2024-55088 was published Dec 18, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
xAiluros
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback High
CVE-2024-56329 was published for joelbutcher/socialstream (Composer) Dec 20, 2024
carlosmintfan
If the attacker has access to a valid Poweruser session, remote code execution is possible... High Unreviewed
CVE-2024-47946 was published Dec 10, 2024
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows... High Unreviewed
CVE-2024-37758 was published Dec 20, 2024
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6... High Unreviewed
CVE-2024-12867 was published Dec 20, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-56337 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 20, 2024
Oqtane Framework Incorrect Access Control vulnerability High
CVE-2024-55470 was published for Oqtane.Framework (NuGet) Dec 20, 2024
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database