Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

103,276 advisories

Loading
An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via... High Unreviewed
CVE-2024-55272 was published Feb 8, 2025
SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2... High Unreviewed
CVE-2024-57606 was published Feb 8, 2025
An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to... High Unreviewed
CVE-2024-57357 was published Feb 8, 2025
An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free... High Unreviewed
CVE-2020-8094 was published Jan 15, 2025
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path... High Unreviewed
CVE-2024-51534 was published Feb 1, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-31260 was published Apr 7, 2024
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in... High Unreviewed
CVE-2024-2224 was published Apr 9, 2024
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP... High Unreviewed
CVE-2024-1773 was published Mar 7, 2024
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an... High Unreviewed
CVE-2024-2223 was published Apr 9, 2024
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. High Unreviewed
CVE-2022-33900 was published Aug 23, 2022
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks... High Unreviewed
CVE-2024-39556 was published Jul 11, 2024
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's... High Unreviewed
CVE-2024-3518 was published May 22, 2024
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7.... High Unreviewed
CVE-2023-6317 was published Apr 9, 2024
Jenkins discloses project names via fingerprints High
CVE-2015-5317 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
ESPHome vulnerable to remote code execution via arbitrary file write High
CVE-2024-27081 was published for esphome (pip) Mar 1, 2024
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
SFTPGo has insufficient sanitization of user provided rsync command High
CVE-2025-24366 was published for github.com/drakkan/sftpgo (Go) Feb 7, 2025
ateamjkr
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management... High Unreviewed
CVE-2024-56889 was published Feb 7, 2025
The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before... High Unreviewed
CVE-2024-13352 was published Feb 7, 2025
A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to... High Unreviewed
CVE-2024-57084 was published Feb 6, 2025
It is possible to construct a zone such that some queries to it will generate responses... High Unreviewed
CVE-2024-11187 was published Jan 30, 2025
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass... High Unreviewed
CVE-2025-0411 was published Jan 25, 2025
Undertow incorrectly parses cookies High
CVE-2023-4639 was published for io.undertow:undertow-core (Maven) Nov 17, 2024
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it... High Unreviewed
CVE-2024-12705 was published Jan 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database