Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

21,350 advisories

Loading
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2024-55215 was published Feb 8, 2025
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all... Critical Unreviewed
CVE-2024-5871 was published Jun 15, 2024
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos... Critical Unreviewed
CVE-2023-6318 was published Apr 9, 2024
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection. Critical Unreviewed
CVE-2015-9324 was published May 24, 2022
Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Critical Unreviewed
CVE-2022-40916 was published Feb 6, 2025
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of... Critical Unreviewed
CVE-2024-3200 was published Jun 1, 2024
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload... Critical Unreviewed
CVE-2024-57668 was published Feb 6, 2025
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv... Critical Unreviewed
CVE-2023-6320 was published Apr 9, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2024-7503 was published Aug 12, 2024
A command injection vulnerability exists in the getAudioMetadata method from the com.webos... Critical Unreviewed
CVE-2023-6319 was published Apr 9, 2024
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server... Critical Unreviewed
CVE-2024-6980 was published Jul 31, 2024
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by... Critical Unreviewed
CVE-2022-1736 was published Jan 31, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-30498 was published Mar 29, 2024
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection... Critical Unreviewed
CVE-2024-2389 was published Apr 2, 2024
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi... Critical Unreviewed
CVE-2020-25506 was published May 24, 2022
Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page... Critical Unreviewed
CVE-2024-27951 was published Apr 3, 2024
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this... Critical Unreviewed
CVE-2020-2506 was published May 24, 2022
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed... Critical Unreviewed
CVE-2019-3396 was published May 13, 2022
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does... Critical Unreviewed
CVE-2010-5326 was published May 13, 2022
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an... Critical Unreviewed
CVE-2025-1107 was published Feb 7, 2025
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2019-2725 was published May 24, 2022
Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Critical Unreviewed
CVE-2019-11634 was published May 24, 2022
An unprivileged network attacker could gain system privileges to provisioned Intel manageability... Critical Unreviewed
CVE-2017-5689 was published May 13, 2022
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed
CVE-2015-7450 was published May 17, 2022
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows... Critical Unreviewed
CVE-2025-25106 was published Feb 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database