Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,359 advisories

Loading
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in... Critical Unreviewed
CVE-2024-10653 was published Nov 1, 2024
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary... Critical Unreviewed
CVE-2024-7456 was published Nov 1, 2024
Stack-based buffer overflow vulnerability exists in multiple Ricoh laser printers and MFPs which... Critical Unreviewed
CVE-2024-47939 was published Nov 1, 2024
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction... Critical Unreviewed
CVE-2023-52044 was published Oct 31, 2024
Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher... Critical Unreviewed
CVE-2024-51063 was published Oct 31, 2024
Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index... Critical Unreviewed
CVE-2024-51065 was published Oct 31, 2024
Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the ... Critical Unreviewed
CVE-2024-51060 was published Oct 31, 2024
Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid... Critical Unreviewed
CVE-2024-51064 was published Oct 31, 2024
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2024-48359 was published Oct 31, 2024
Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path... Critical Unreviewed
CVE-2024-39332 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51255 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51260 was published Oct 31, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51259 was published Oct 31, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows... Critical Unreviewed
CVE-2024-49674 was published Oct 31, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code... Critical Unreviewed
CVE-2024-43984 was published Oct 31, 2024
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due... Critical Unreviewed
CVE-2024-10392 was published Oct 31, 2024
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned... Critical Unreviewed
CVE-2024-51424 was published Oct 30, 2024
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng... Critical Unreviewed
CVE-2024-51427 was published Oct 30, 2024
icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. Critical Unreviewed
CVE-2024-48202 was published Oct 30, 2024
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a... Critical Unreviewed
CVE-2024-10456 was published Oct 30, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51298 was published Oct 30, 2024
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in... Critical Unreviewed
CVE-2024-23309 was published Oct 30, 2024
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0... Critical Unreviewed
CVE-2024-33699 was published Oct 30, 2024
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to... Critical Unreviewed
CVE-2024-8512 was published Oct 30, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in David DONISA WP donimedia... Critical Unreviewed
CVE-2024-50511 was published Oct 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database