GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,325 advisories
Filter by severity
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2024-11977
was published
Dec 21, 2024
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
High
CVE-2024-56334
was published
for
systeminformation
(npm)
Dec 20, 2024
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code...
High
Unreviewed
CVE-2024-12729
was published
Dec 19, 2024
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system...
High
Unreviewed
CVE-2024-9154
was published
Dec 19, 2024
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
High
CVE-2024-56327
was published
for
pyrage
(pip)
Dec 19, 2024
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High
Unreviewed
CVE-2024-11740
was published
Dec 19, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS...
High
Unreviewed
CVE-2024-56051
was published
Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability
High
CVE-2024-21546
was published
for
unisharp/laravel-filemanager
(Composer)
Dec 18, 2024
An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows...
High
Unreviewed
CVE-2024-56072
was published
Dec 15, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
High
CVE-2024-55661
was published
for
laravel/pulse
(Composer)
Dec 13, 2024
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary...
High
Unreviewed
CVE-2024-10910
was published
Dec 12, 2024
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2,...
High
Unreviewed
CVE-2024-54529
was published
Dec 12, 2024
The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for...
High
Unreviewed
CVE-2024-10959
was published
Dec 10, 2024
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR....
High
Unreviewed
CVE-2024-55580
was published
Dec 9, 2024
Due to missing input validation during one step of the firmware update process, the product
is...
High
Unreviewed
CVE-2024-10771
was published
Dec 6, 2024
Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent....
High
Unreviewed
CVE-2024-21571
was published
Dec 6, 2024
Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2...
High
Unreviewed
CVE-2024-37862
was published
Dec 6, 2024
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2-...
High
Unreviewed
CVE-2024-30963
was published
Dec 6, 2024
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2...
High
Unreviewed
CVE-2024-30964
was published
Dec 6, 2024
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&&...
High
Unreviewed
CVE-2024-37860
was published
Dec 6, 2024
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2...
High
Unreviewed
CVE-2024-30961
was published
Dec 6, 2024
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via...
High
Unreviewed
CVE-2024-10952
was published
Dec 4, 2024
An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of...
High
Unreviewed
CVE-2024-53564
was published
Dec 2, 2024
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
High
CVE-2024-36610
was published
for
symfony/var-dumper
(Composer)
Nov 29, 2024
•
withdrawn
Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows...
High
Unreviewed
CVE-2024-11620
was published
Nov 28, 2024
ProTip!
Advisories are also available from the
GraphQL API