GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,858 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console...
Critical, Unreviewed. CVE-2024-50498 was published Oct 28, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson...
High, Unreviewed. CVE-2024-50492 was published Oct 28, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress...
High, Unreviewed. CVE-2024-50450 was published Oct 28, 2024

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code...
High, Unreviewed. CVE-2024-9162 was published Oct 28, 2024

The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to...
High, Unreviewed. CVE-2024-9772 was published Oct 26, 2024

SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote...
Critical, Unreviewed. CVE-2024-48204 was published Oct 25, 2024

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a...
Critical, Unreviewed. CVE-2024-48579 was published Oct 25, 2024

File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker...
Critical, Unreviewed. CVE-2024-48581 was published Oct 25, 2024

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is...
High, Unreviewed. CVE-2024-47158 was published Oct 25, 2024

Remote code execution in php-heic-to-jpg
High. CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024

OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
High. CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024

A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and...
Moderate, Unreviewed. CVE-2024-20485 was published Oct 23, 2024

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an...
Critical, Unreviewed. CVE-2024-35285 was published Oct 21, 2024

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business...
Critical, Unreviewed. CVE-2024-35314 was published Oct 21, 2024

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and...
High, Unreviewed. CVE-2024-41714 was published Oct 21, 2024

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business...
Moderate, Unreviewed. CVE-2024-35315 was published Oct 21, 2024

A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow...
Moderate, Unreviewed. CVE-2024-41712 was published Oct 21, 2024

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code...
High, Unreviewed. CVE-2024-9593 was published Oct 18, 2024

Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical. CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024

An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the...
Moderate, Unreviewed. CVE-2024-27766 was published Oct 18, 2024

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.
Critical, Unreviewed. CVE-2023-26785 was published Oct 18, 2024

Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB v10.5 allows authenticated...
Moderate, Unreviewed. CVE-2023-39593 was published Oct 18, 2024

Flair allows arbitrary code execution
Moderate. CVE-2024-10073 was published for flair (pip) Oct 17, 2024

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of...
High, Unreviewed. CVE-2024-45766 was published Oct 17, 2024

A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in...
Moderate, Unreviewed. CVE-2024-48744 was published Oct 16, 2024