GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
817 advisories
Filter by severity
The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in...
Moderate
Unreviewed
CVE-2024-10262
was published
Nov 16, 2024
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session...
Moderate
Unreviewed
CVE-2024-8069
was published
Nov 12, 2024
The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6...
Moderate
Unreviewed
CVE-2024-46965
was published
Nov 11, 2024
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the...
Moderate
Unreviewed
CVE-2024-10505
was published
Oct 30, 2024
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of...
Moderate
Unreviewed
CVE-2024-48235
was published
Oct 26, 2024
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the...
Moderate
Unreviewed
CVE-2024-48236
was published
Oct 26, 2024
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and...
Moderate
Unreviewed
CVE-2024-20485
was published
Oct 23, 2024
A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow...
Moderate
Unreviewed
CVE-2024-41712
was published
Oct 21, 2024
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business...
Moderate
Unreviewed
CVE-2024-35315
was published
Oct 21, 2024
An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the...
Moderate
Unreviewed
CVE-2024-27766
was published
Oct 18, 2024
Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB v10.5 allows authenticated...
Moderate
Unreviewed
CVE-2023-39593
was published
Oct 18, 2024
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in...
Moderate
Unreviewed
CVE-2024-48744
was published
Oct 16, 2024
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A...
Moderate
Unreviewed
CVE-2024-41997
was published
Oct 14, 2024
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection...
Moderate
Unreviewed
CVE-2024-8760
was published
Oct 12, 2024
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute...
Moderate
Unreviewed
CVE-2024-45933
was published
Oct 7, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Moderate
Unreviewed
CVE-2024-8254
was published
Oct 2, 2024
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code...
Moderate
Unreviewed
CVE-2024-44744
was published
Oct 1, 2024
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows...
Moderate
Unreviewed
CVE-2024-45200
was published
Sep 30, 2024
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical....
Moderate
Unreviewed
CVE-2024-9324
was published
Sep 29, 2024
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution ...
Moderate
Unreviewed
CVE-2024-37779
was published
Sep 23, 2024
A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected...
Moderate
Unreviewed
CVE-2024-9006
was published
Sep 20, 2024
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7....
Moderate
Unreviewed
CVE-2024-8880
was published
Sep 16, 2024
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code....
Moderate
Unreviewed
CVE-2023-39333
was published
Sep 7, 2024
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue...
Moderate
Unreviewed
CVE-2024-8523
was published
Sep 7, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc....
Moderate
Unreviewed
CVE-2024-43922
was published
Aug 29, 2024
ProTip!
Advisories are also available from the
GraphQL API