GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,273
Erlang: 31
GitHub Actions: 21
Go: 2,055
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,417
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
101,354 advisories
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox...
High | Unreviewed | CVE-2024-49576 was published Dec 18, 2024

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page...
High | Unreviewed | CVE-2024-47810 was published Dec 18, 2024

In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be...
High | Unreviewed | CVE-2024-55086 was published Dec 18, 2024

GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin...
High | Unreviewed | CVE-2024-55088 was published Dec 18, 2024

TShock Security Escalation Exploit
High | GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
High | Unreviewed | CVE-2024-48889 was published Dec 18, 2024

An OS command injection vulnerability exists in the web interface configuration upload...
High | Unreviewed | CVE-2024-21786 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-51646 was published Dec 18, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2024-54270 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-54350 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56016 was published Dec 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55984 was published Dec 18, 2024

Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality...
High | Unreviewed | CVE-2024-56008 was published Dec 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55985 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-56010 was published Dec 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55975 was published Dec 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-55983 was published Dec 18, 2024

The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL...
High | Unreviewed | CVE-2024-11912 was published Dec 18, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2024-49677 was published Dec 18, 2024

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
High | Unreviewed | CVE-2024-1610 was published Dec 18, 2024

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature....
High | Unreviewed | CVE-2024-11614 was published Dec 18, 2024

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary...
High | Unreviewed | CVE-2024-39703 was published Dec 18, 2024

Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE...
High | Unreviewed | CVE-2024-47397 was published Dec 18, 2024

Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0...
High | Unreviewed | CVE-2024-54457 was published Dec 18, 2024

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue...
High | Unreviewed | CVE-2024-53688 was published Dec 18, 2024

ProTip! Advisories are also available from the GraphQL API.