GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,132
Erlang: 29
GitHub Actions: 19
Go: 1,937
Maven: 5,000+
npm: 3,676
NuGet: 642
pip: 3,292
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,171 advisories

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for...
Critical | Unreviewed | CVE-2024-9263 was published Oct 17, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated...
Critical | Unreviewed | CVE-2024-9464 was published Oct 9, 2024

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated...
Critical | Unreviewed | CVE-2024-9465 was published Oct 9, 2024

, aka 'Azure SDK for Java Security Feature Bypass Vulnerability'.
Critical | Unreviewed | CVE-2020-16971 was published May 24, 2022

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical | Unreviewed | CVE-2024-9863 was published Oct 17, 2024

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary...
Critical | Unreviewed | CVE-2024-9862 was published Oct 17, 2024

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an...
Critical | Unreviewed | CVE-2024-10004 was published Oct 16, 2024

itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI...
Critical | Unreviewed | CVE-2024-48411 was published Oct 15, 2024

File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to...
Critical | Unreviewed | CVE-2024-48782 was published Oct 15, 2024

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte...
Critical | Unreviewed | CVE-2023-41360 was published Aug 29, 2023

Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead...
Critical | Unreviewed | CVE-2024-10018 was published Oct 16, 2024

Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before...
Critical | Unreviewed | CVE-2024-44730 was published Oct 11, 2024

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the...
Critical | Unreviewed | CVE-2024-46532 was published Oct 11, 2024

An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote...
Critical | Unreviewed | CVE-2024-48781 was published Oct 15, 2024

This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect...
Critical | Unreviewed | CVE-2024-47656 was published Oct 4, 2024

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112...
Critical | Unreviewed | CVE-2024-22074 was published Jun 6, 2024

Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat,...
Critical | Unreviewed | CVE-2024-48251 was published Oct 14, 2024

Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.
Critical | Unreviewed | CVE-2024-48255 was published Oct 14, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code...
Critical | Unreviewed | CVE-2024-49254 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments...
Critical | Unreviewed | CVE-2024-49216 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin –...
Critical | Unreviewed | CVE-2024-49260 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows...
Critical | Unreviewed | CVE-2024-49242 was published Oct 16, 2024

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all...
Critical | Unreviewed | CVE-2024-9893 was published Oct 16, 2024

: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza...
Critical | Unreviewed | CVE-2024-49247 was published Oct 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows...
Critical | Unreviewed | CVE-2024-49257 was published Oct 16, 2024

ProTip! Advisories are also available from the GraphQL API.