Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

101,354 advisories

Loading
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a... High Unreviewed
CVE-2024-12670 was published Dec 17, 2024
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability High
CVE-2024-50379 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 17, 2024
A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a... High Unreviewed
CVE-2024-36832 was published Dec 17, 2024
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member... High Unreviewed
CVE-2024-8326 was published Dec 17, 2024
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-12024 was published Dec 17, 2024
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... High Unreviewed
CVE-2024-12293 was published Dec 17, 2024
Locally installed application can bypass the permission check and perform system operations that... High Unreviewed
CVE-2021-26280 was published Dec 17, 2024
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause... High Unreviewed
CVE-2024-11999 was published Dec 17, 2024
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all... High Unreviewed
CVE-2024-9624 was published Dec 17, 2024
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and... High Unreviewed
CVE-2024-38499 was published Dec 17, 2024
Due to the flaws in the verification of input parameters, the attacker can input carefully... High Unreviewed
CVE-2020-12487 was published Dec 17, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored... High Unreviewed
CVE-2024-56017 was published Dec 17, 2024
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a... High Unreviewed
CVE-2024-37775 was published Dec 17, 2024
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers... High Unreviewed
CVE-2024-37774 was published Dec 17, 2024
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows... High Unreviewed
CVE-2024-12687 was published Dec 16, 2024
Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities... High Unreviewed
CVE-2024-55104 was published Dec 16, 2024
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the... High Unreviewed
CVE-2024-55103 was published Dec 16, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion High
GHSA-8wcc-m6j2-qxvm was published for cosmossdk.io/x/tx (Go) Dec 16, 2024
An improper validation vulnerability was reported in the firmware update mechanism of LADM and... High Unreviewed
CVE-2024-4762 was published Dec 16, 2024
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... High Unreviewed
CVE-2024-54279 was published Dec 16, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-54257 was published Dec 16, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-54249 was published Dec 16, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-54284 was published Dec 16, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-54283 was published Dec 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database