GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,353
Erlang: 31
GitHub Actions: 22
Go: 2,120
Maven: 5,000+
npm: 3,779
NuGet: 681
pip: 3,460
Pub: 12
RubyGems: 892
Rust: 888
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
21,348 advisories
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload...
Critical, Unreviewed. CVE-2024-57668 was published Feb 6, 2025
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by...
Critical, Unreviewed. CVE-2022-1736 was published Jan 31, 2025
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv...
Critical, Unreviewed. CVE-2023-6320 was published Apr 9, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in...
Critical, Unreviewed. CVE-2024-7503 was published Aug 12, 2024
A command injection vulnerability exists in the getAudioMetadata method from the com.webos...
Critical, Unreviewed. CVE-2023-6319 was published Apr 9, 2024
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server...
Critical, Unreviewed. CVE-2024-6980 was published Jul 31, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-30498 was published Mar 29, 2024
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection...
Critical, Unreviewed. CVE-2024-2389 was published Apr 2, 2024
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi...
Critical, Unreviewed. CVE-2020-25506 was published May 24, 2022
Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page...
Critical, Unreviewed. CVE-2024-27951 was published Apr 3, 2024
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this...
Critical, Unreviewed. CVE-2020-2506 was published May 24, 2022
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed...
Critical, Unreviewed. CVE-2019-3396 was published May 13, 2022
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does...
Critical, Unreviewed. CVE-2010-5326 was published May 13, 2022
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an...
Critical, Unreviewed. CVE-2025-1107 was published Feb 7, 2025
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical, Unreviewed. CVE-2019-2725 was published May 24, 2022
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
Critical, Unreviewed. CVE-2019-11634 was published May 24, 2022
An unprivileged network attacker could gain system privileges to provisioned Intel manageability...
Critical, Unreviewed. CVE-2017-5689 was published May 13, 2022
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...
Critical, Unreviewed. CVE-2015-7450 was published May 17, 2022
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site...
Critical, Unreviewed. CVE-2025-25107 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site...
Critical, Unreviewed. CVE-2025-25101 was published Feb 7, 2025
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows...
Critical, Unreviewed. CVE-2025-25106 was published Feb 7, 2025
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and...
Critical, Unreviewed. CVE-2025-1077 was published Feb 7, 2025
SQL Injection vulnerability in the default configuration of the Logitime WebClock application <=...
Critical, Unreviewed. CVE-2024-55971 was published Jan 23, 2025
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking...
Critical, Unreviewed. CVE-2024-57430 was published Feb 6, 2025
A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists...
Critical, Unreviewed. CVE-2024-57428 was published Feb 6, 2025
ProTip! Advisories are also available from the GraphQL API.