GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,150
Erlang
30
GitHub Actions
19
Go
1,952
Maven
5,000+
npm
3,684
NuGet
650
pip
3,306
Pub
11
RubyGems
880
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,278 advisories
Filter by severity
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation...
Critical
Unreviewed
CVE-2024-50489
was published
Oct 28, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console...
Critical
Unreviewed
CVE-2024-50498
was published
Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API...
Critical
Unreviewed
CVE-2024-50487
was published
Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API...
Critical
Unreviewed
CVE-2024-50486
was published
Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile...
Critical
Unreviewed
CVE-2024-50477
was published
Oct 28, 2024
Spring WebFlux applications that have Spring Security authorization rules on static resources can...
Critical
Unreviewed
CVE-2024-38821
was published
Oct 28, 2024
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote...
Critical
Unreviewed
CVE-2024-10440
was published
Oct 28, 2024
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-9501
was published
Oct 26, 2024
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to,...
Critical
Unreviewed
CVE-2024-9933
was published
Oct 26, 2024
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in...
Critical
Unreviewed
CVE-2024-9930
was published
Oct 26, 2024
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to...
Critical
Unreviewed
CVE-2024-9931
was published
Oct 26, 2024
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical
Unreviewed
CVE-2024-9932
was published
Oct 26, 2024
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote...
Critical
Unreviewed
CVE-2024-48204
was published
Oct 25, 2024
SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote...
Critical
Unreviewed
CVE-2024-48580
was published
Oct 25, 2024
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a...
Critical
Unreviewed
CVE-2024-48579
was published
Oct 25, 2024
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker...
Critical
Unreviewed
CVE-2024-48581
was published
Oct 25, 2024
CVE-2024-10386 IMPACT
An authentication
vulnerability exists in the affected product. The...
Critical
Unreviewed
CVE-2024-10386
was published
Oct 25, 2024
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request...
Critical
Unreviewed
CVE-2022-30355
was published
Oct 25, 2024
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request...
Critical
Unreviewed
CVE-2022-30357
was published
Oct 25, 2024
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper...
Critical
Unreviewed
CVE-2024-10381
was published
Oct 25, 2024
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an...
Critical
Unreviewed
CVE-2024-47406
was published
Oct 25, 2024
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all...
Critical
Unreviewed
CVE-2024-9488
was published
Oct 25, 2024
In WhatsUp Gold versions released before 2024.0.0,
an Authentication Bypass issue exists which...
Critical
Unreviewed
CVE-2024-7763
was published
Oct 24, 2024
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS...
Critical
Unreviewed
CVE-2024-48143
was published
Oct 24, 2024
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding...
Critical
Unreviewed
CVE-2024-48548
was published
Oct 24, 2024
ProTip!
Advisories are also available from the
GraphQL API