GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,144
Composer 4,333
Erlang 31
GitHub Actions 22
Go 2,095
Maven 5,265
npm 3,760
NuGet 678
pip 3,446
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,536

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

24,376 advisories

Filter by severity

Sort by

Least recently updated

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient... Critical Unreviewed

CVE-2025-0357 was published Jan 25, 2025

A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The... Critical Unreviewed

CVE-2024-57328 was published Jan 24, 2025

Apache Tomcat - Authentication Bypass Critical

CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9,... Critical Unreviewed

CVE-2024-55573 was published Jan 24, 2025

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed

CVE-2024-12857 was published Jan 22, 2025

Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical

CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x... Critical Unreviewed

CVE-2024-53923 was published Jan 24, 2025

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could... Critical Unreviewed

CVE-2024-11053 was published Dec 11, 2024

SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion... Critical Unreviewed

CVE-2023-30330 was published May 23, 2023

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration... Critical Unreviewed

CVE-2023-27823 was published May 12, 2023

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of... Critical Unreviewed

CVE-2024-4223 was published May 16, 2024

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it... Critical Unreviewed

CVE-2024-29006 was published Apr 4, 2024

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows... Critical Unreviewed

CVE-2021-32030 was published May 24, 2022

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a... Critical Unreviewed

CVE-2025-24650 was published Jan 24, 2025

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR)... Critical Unreviewed

CVE-2024-56404 was published Jan 24, 2025

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed

CVE-2023-24540 was published May 11, 2023

The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions... Critical Unreviewed

CVE-2024-13545 was published Jan 24, 2025

PaddlePaddle Path Traversal vulnerability Critical

CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024

Apache Wicket: An attacker can intentionally trigger a memory leak Critical

CVE-2024-53299 was published for org.apache.wicket:wicket-core (Maven) Jan 23, 2025

Apache RocketMQ may have remote code execution vulnerability when using update configuration function Critical

CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 6, 2023

Code execution in Apache Struts 1 plugin Critical

CVE-2017-9791 was published for org.apache.struts:struts2-struts1-plugin (Maven) May 13, 2022

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access... Critical Unreviewed

CVE-2017-13322 was published Jan 18, 2025

SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary... Critical Unreviewed

CVE-2024-25227 was published Mar 15, 2024

The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File... Critical Unreviewed

CVE-2024-26261 was published Feb 15, 2024

The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command... Critical Unreviewed

CVE-2024-26260 was published Feb 15, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

24,376 advisories