Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,141
Erlang
30
GitHub Actions
19
Go
1,942
Maven
5,000+
npm
3,684
NuGet
650
pip
3,303
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,259 advisories

Loading
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is... High Unreviewed
CVE-2024-47158 was published Oct 25, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and... High Unreviewed
CVE-2024-41714 was published Oct 21, 2024
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code... High Unreviewed
CVE-2024-9593 was published Oct 18, 2024
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of... High Unreviewed
CVE-2024-45766 was published Oct 17, 2024
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is... High Unreviewed
CVE-2024-9061 was published Oct 16, 2024
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration &... High Unreviewed
CVE-2024-48279 was published Oct 15, 2024
The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-9837 was published Oct 15, 2024
A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This... High Unreviewed
CVE-2024-44414 was published Oct 11, 2024
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2024-9581 was published Oct 10, 2024
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip... High Unreviewed
CVE-2024-46080 was published Oct 1, 2024
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises... High Unreviewed
CVE-2024-6983 was published Sep 27, 2024
Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2024-8481 was published Sep 25, 2024
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2024-8623 was published Sep 24, 2024
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute... High Unreviewed
CVE-2024-46639 was published Sep 23, 2024
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and... High Unreviewed
CVE-2024-40442 was published Sep 23, 2024
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology... High Unreviewed
CVE-2024-40125 was published Sep 19, 2024
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code... High Unreviewed
CVE-2024-44623 was published Sep 16, 2024
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable... High Unreviewed
CVE-2024-8271 was published Sep 16, 2024
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2024-8479 was published Sep 16, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45851 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45849 was published for mindsdb (pip) Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database