GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,001 advisories
Filter by severity
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2024-11977
was published
Dec 21, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code...
High
Unreviewed
CVE-2024-12729
was published
Dec 19, 2024
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system...
High
Unreviewed
CVE-2024-9154
was published
Dec 19, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High
Unreviewed
CVE-2024-11740
was published
Dec 19, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS...
High
Unreviewed
CVE-2024-56051
was published
Dec 18, 2024
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell...
Critical
Unreviewed
CVE-2024-12372
was published
Dec 18, 2024
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5...
Critical
Unreviewed
CVE-2023-34990
was published
Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability
High
CVE-2024-21546
was published
for
unisharp/laravel-filemanager
(Composer)
Dec 18, 2024
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in...
Critical
Unreviewed
CVE-2024-55085
was published
Dec 17, 2024
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as...
Moderate
Unreviewed
CVE-2024-37773
was published
Dec 17, 2024
An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows...
High
Unreviewed
CVE-2024-56072
was published
Dec 15, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
High
CVE-2024-55661
was published
for
laravel/pulse
(Composer)
Dec 13, 2024
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()...
Critical
Unreviewed
CVE-2024-21577
was published
Dec 13, 2024
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in...
Critical
Unreviewed
CVE-2024-21576
was published
Dec 13, 2024
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary...
Moderate
Unreviewed
CVE-2024-11012
was published
Dec 13, 2024
The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution...
Moderate
Unreviewed
CVE-2024-12417
was published
Dec 13, 2024
The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-12420
was published
Dec 13, 2024
The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2024-12421
was published
Dec 13, 2024
An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an...
Moderate
Unreviewed
CVE-2024-55918
was published
Dec 13, 2024
The issue stems from a missing validation of the pip field in a POST request sent to the ...
Critical
Unreviewed
CVE-2024-21574
was published
Dec 12, 2024
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions...
Moderate
Unreviewed
CVE-2024-12333
was published
Dec 12, 2024
ProTip!
Advisories are also available from the
GraphQL API