Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

24,047 advisories

Loading
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to... Critical Unreviewed
CVE-2024-49147 was published Dec 12, 2024
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0... Critical Unreviewed
CVE-2024-54811 was published Dec 12, 2024
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList Critical
CVE-2024-55877 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Dec 12, 2024
XWiki allows RCE from script right in configurable sections Critical
CVE-2024-55879 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 12, 2024
A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul... Critical Unreviewed
CVE-2024-54810 was published Dec 12, 2024
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring... Critical Unreviewed
CVE-2024-55099 was published Dec 12, 2024
A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin... Critical Unreviewed
CVE-2024-54842 was published Dec 12, 2024
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of... Critical Unreviewed
CVE-2024-21575 was published Dec 12, 2024
The issue stems from a missing validation of the pip field in a POST request sent to the ... Critical Unreviewed
CVE-2024-21574 was published Dec 12, 2024
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-10124 was published Dec 12, 2024
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all... Critical Unreviewed
CVE-2024-11015 was published Dec 12, 2024
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2,... Critical Unreviewed
CVE-2024-54534 was published Dec 12, 2024
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in... Critical Unreviewed
CVE-2024-54506 was published Dec 12, 2024
This issue was addressed by using HTTPS when sending information over the network. This issue is... Critical Unreviewed
CVE-2024-54492 was published Dec 12, 2024
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS... Critical Unreviewed
CVE-2024-44242 was published Dec 12, 2024
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia... Critical Unreviewed
CVE-2024-54465 was published Dec 12, 2024
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-49112 was published Dec 12, 2024
In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the... Critical Unreviewed
CVE-2024-55884 was published Dec 12, 2024
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS... Critical Unreviewed
CVE-2024-44241 was published Dec 12, 2024
From the VSPC management agent machine, under condition that the management agent is authorized... Critical Unreviewed
CVE-2024-42448 was published Dec 12, 2024
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote... Critical Unreviewed
CVE-2024-11948 was published Dec 12, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database