GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,362
Erlang: 33
GitHub Actions: 22
Go: 2,134
Maven: 5,000+
npm: 3,797
NuGet: 687
pip: 3,473
Pub: 12
RubyGems: 896
Rust: 897
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,101 advisories
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to...
High | Unreviewed | CVE-2022-36386 was published Sep 22, 2022

IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local...
High | Unreviewed | CVE-2025-0161 was published Feb 20, 2025

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary...
High | Unreviewed | CVE-2025-25944 was published Feb 20, 2025

Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary...
High | Unreviewed | CVE-2025-25943 was published Feb 20, 2025

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-13792 was published Feb 20, 2025

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-13797 was published Feb 18, 2025

File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2021-3267 was published Apr 4, 2023

AMI SPx contains a vulnerability in the BMC where a User may cause an improper control of...
High | Unreviewed | CVE-2023-34330 was published Jul 18, 2023

An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to...
High | Unreviewed | CVE-2023-27770 was published Apr 4, 2023

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-13346 was published Feb 13, 2025

The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all...
High | Unreviewed | CVE-2024-13345 was published Feb 13, 2025

codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE)...
High | Unreviewed | CVE-2023-26817 was published Apr 7, 2023

On Linux, Node.js ignores certain environment variables if those may have been set by an...
High | Unreviewed | CVE-2024-21892 was published Feb 20, 2024

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :...
High | Unreviewed | CVE-2024-48962 was published Nov 18, 2024

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS...
High | Unreviewed | CVE-2024-27859 was published Feb 10, 2025

An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive...
High | Unreviewed | CVE-2024-57609 was published Feb 7, 2025

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and...
High | Unreviewed | CVE-2015-1635 was published May 14, 2022

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to...
High | Unreviewed | CVE-2017-8759 was published May 14, 2022

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape...
High | Unreviewed | CVE-2023-30638 was published Apr 14, 2023

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote...
High | Unreviewed | CVE-2019-9082 was published May 13, 2022

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions...
High | Unreviewed | CVE-2024-7419 was published Feb 7, 2025

The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run...
High | Unreviewed | CVE-2024-13487 was published Feb 6, 2025

NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote...
High | Unreviewed | CVE-2025-25246 was published Feb 5, 2025

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
High | Unreviewed | CVE-2020-8644 was published May 24, 2022

Unraid through 6.8.0 allows Remote Code Execution.
High | Unreviewed | CVE-2020-5847 was published May 24, 2022