GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,300
Erlang: 31
GitHub Actions: 21
Go: 2,069
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,429
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
24,166 advisories
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical | Unreviewed | CVE-2024-12877 was published Jan 11, 2025

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker...
Critical | Unreviewed | CVE-2025-0103 was published Jan 11, 2025

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A...
Critical | Unreviewed | CVE-2024-12847 was published Jan 10, 2025

An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in...
Critical | Unreviewed | CVE-2024-57687 was published Jan 10, 2025

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI...
Critical | Unreviewed | CVE-2024-57823 was published Jan 10, 2025

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker...
Critical | Unreviewed | CVE-2024-41787 was published Jan 10, 2025

A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in...
Critical | Unreviewed | CVE-2024-57686 was published Jan 10, 2025

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based...
Critical | Unreviewed | CVE-2025-23016 was published Jan 10, 2025

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call...
Critical | Unreviewed | CVE-2023-28354 was published Jan 10, 2025

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')...
Critical | Unreviewed | CVE-2024-13264 was published Jan 9, 2025

Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue...
Critical | Unreviewed | CVE-2024-13277 was published Jan 9, 2025

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation...
Critical | Unreviewed | CVE-2024-13279 was published Jan 9, 2025

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up...
Critical | Unreviewed | CVE-2024-10215 was published Jan 9, 2025

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue...
Critical | Unreviewed | CVE-2024-13278 was published Jan 9, 2025

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing...
Critical | Unreviewed | CVE-2024-13280 was published Jan 9, 2025

Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue...
Critical | Unreviewed | CVE-2024-13281 was published Jan 9, 2025

Vulnerability in Drupal wkhtmltopdf. This issue affects wkhtmltopdf: *.*.
Critical | Unreviewed | CVE-2024-13285 was published Jan 9, 2025

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows...
Critical | Unreviewed | CVE-2024-13258 was published Jan 9, 2025

Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows...
Critical | Unreviewed | CVE-2024-13253 was published Jan 9, 2025

Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common...
Critical | Unreviewed | CVE-2024-13241 was published Jan 9, 2025

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication...
Critical | Unreviewed | CVE-2024-13239 was published Jan 9, 2025

Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource...
Critical | Unreviewed | CVE-2024-13242 was published Jan 9, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms...
Critical | Unreviewed | CVE-2025-22504 was published Jan 9, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-22542 was published Jan 9, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-22540 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API.