Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,150
Erlang
30
GitHub Actions
19
Go
1,952
Maven
5,000+
npm
3,684
NuGet
650
pip
3,306
Pub
11
RubyGems
880
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,278 advisories

Loading
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation... Critical Unreviewed
CVE-2024-50489 was published Oct 28, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console... Critical Unreviewed
CVE-2024-50498 was published Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API... Critical Unreviewed
CVE-2024-50487 was published Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API... Critical Unreviewed
CVE-2024-50486 was published Oct 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile... Critical Unreviewed
CVE-2024-50477 was published Oct 28, 2024
Spring WebFlux applications that have Spring Security authorization rules on static resources can... Critical Unreviewed
CVE-2024-38821 was published Oct 28, 2024
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote... Critical Unreviewed
CVE-2024-10440 was published Oct 28, 2024
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-9501 was published Oct 26, 2024
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to,... Critical Unreviewed
CVE-2024-9933 was published Oct 26, 2024
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2024-9930 was published Oct 26, 2024
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to... Critical Unreviewed
CVE-2024-9931 was published Oct 26, 2024
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2024-9932 was published Oct 26, 2024
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote... Critical Unreviewed
CVE-2024-48204 was published Oct 25, 2024
SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote... Critical Unreviewed
CVE-2024-48580 was published Oct 25, 2024
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a... Critical Unreviewed
CVE-2024-48579 was published Oct 25, 2024
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker... Critical Unreviewed
CVE-2024-48581 was published Oct 25, 2024
CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The... Critical Unreviewed
CVE-2024-10386 was published Oct 25, 2024
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request... Critical Unreviewed
CVE-2022-30355 was published Oct 25, 2024
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request... Critical Unreviewed
CVE-2022-30357 was published Oct 25, 2024
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper... Critical Unreviewed
CVE-2024-10381 was published Oct 25, 2024
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an... Critical Unreviewed
CVE-2024-47406 was published Oct 25, 2024
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all... Critical Unreviewed
CVE-2024-9488 was published Oct 25, 2024
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which... Critical Unreviewed
CVE-2024-7763 was published Oct 24, 2024
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS... Critical Unreviewed
CVE-2024-48143 was published Oct 24, 2024
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding... Critical Unreviewed
CVE-2024-48548 was published Oct 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database