GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,170
Erlang: 30
GitHub Actions: 19
Go: 1,981
Maven: 5,000+
npm: 3,700
NuGet: 656
pip: 3,319
Pub: 11
RubyGems: 882
Rust: 834
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
98,989 advisories
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode...
High | Unreviewed | CVE-2024-10263 was published Nov 5, 2024

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an...
High | Unreviewed | CVE-2024-47253 was published Nov 5, 2024

Permission control vulnerability in the hidebug module
Impact: Successful exploitation of this...
High | Unreviewed | CVE-2024-51526 was published Nov 5, 2024

Information management vulnerability in the Gallery module
Impact: Successful exploitation of...
High | Unreviewed | CVE-2024-51523 was published Nov 5, 2024

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is...
High | Unreviewed | CVE-2024-47404 was published Nov 5, 2024

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is...
High | Unreviewed | CVE-2024-47137 was published Nov 5, 2024

Out-of-bounds access vulnerability in the logo module
Impact: Successful exploitation of this...
High | Unreviewed | CVE-2024-51510 was published Nov 5, 2024

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is...
High | Unreviewed | CVE-2024-47797 was published Nov 5, 2024

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all...
High | Unreviewed | CVE-2024-10114 was published Nov 5, 2024

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication...
High | Unreviewed | CVE-2024-10097 was published Nov 5, 2024

The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
High | Unreviewed | CVE-2024-10711 was published Nov 5, 2024

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to...
High | Unreviewed | CVE-2024-9459 was published Nov 5, 2024

CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
High | CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024

Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
High | GHSA-82j3-hf72-7x93 was published for com.reposilite:reposilite-backend (Maven) Nov 4, 2024

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin...
High | Unreviewed | CVE-2024-30616 was published Nov 4, 2024

Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated...
High | Unreviewed | CVE-2024-30619 was published Nov 4, 2024

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password...
High | Unreviewed | CVE-2024-51329 was published Nov 4, 2024

hornetq vulnerable to file overwrite, sensitive information disclosure
High | CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote...
High | Unreviewed | CVE-2024-51326 was published Nov 4, 2024

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does...
High | Unreviewed | CVE-2024-48336 was published Nov 4, 2024

An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a...
High | Unreviewed | CVE-2024-48809 was published Nov 4, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-51626 was published Nov 4, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This...
High | Unreviewed | CVE-2024-45891 was published Nov 4, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This...
High | Unreviewed | CVE-2024-45893 was published Nov 4, 2024

ProTip! Advisories are also available from the GraphQL API