Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

24,433 advisories

Loading
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser... Critical Unreviewed
CVE-2025-23918 was published Jan 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files... Critical Unreviewed
CVE-2025-23953 was published Jan 22, 2025
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed
CVE-2024-12857 was published Jan 22, 2025
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a... Critical Unreviewed
CVE-2024-49747 was published Jan 22, 2025
In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due... Critical Unreviewed
CVE-2024-49748 was published Jan 22, 2025
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due... Critical Unreviewed
CVE-2024-13091 was published Jan 22, 2025
A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit... Critical Unreviewed
CVE-2024-24421 was published Jan 22, 2025
Apache Ranger UI vulnerable to Server Side Request Forgery Critical
CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2023-27112 was published Jan 22, 2025
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2023-27113 was published Jan 22, 2025
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications ... Critical Unreviewed
CVE-2025-21547 was published Jan 21, 2025
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile... Critical Unreviewed
CVE-2025-21556 was published Jan 21, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Critical Unreviewed
CVE-2025-21535 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Critical Unreviewed
CVE-2025-21524 was published Jan 21, 2025
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. Critical Unreviewed
CVE-2024-55959 was published Jan 21, 2025
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is... Critical Unreviewed
CVE-2024-42936 was published Jan 21, 2025
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. Critical Unreviewed
CVE-2024-54794 was published Jan 21, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-22553 was published Jan 21, 2025
Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege... Critical Unreviewed
CVE-2024-51888 was published Jan 21, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with... Critical Unreviewed
CVE-2025-22723 was published Jan 21, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-51818 was published Jan 21, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer.... Critical Unreviewed
CVE-2024-51919 was published Jan 21, 2025
Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege... Critical Unreviewed
CVE-2024-32555 was published Jan 21, 2025
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This... Critical Unreviewed
CVE-2024-49688 was published Jan 21, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-49655 was published Jan 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database