GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,300
Erlang: 31
GitHub Actions: 21
Go: 2,069
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,429
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
94,360 advisories
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can...
High | Unreviewed | CVE-2024-42168 was published Jan 11, 2025

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin...
High | Unreviewed | CVE-2024-12627 was published Jan 11, 2025

HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access...
High | Unreviewed | CVE-2024-42169 was published Jan 11, 2025

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables...
High | Unreviewed | CVE-2025-0104 was published Jan 11, 2025

The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the ...
High | Unreviewed | CVE-2024-12404 was published Jan 11, 2025

The administrator is able to configure an insecure captive portal script
High | Unreviewed | CVE-2024-9132 was published Jan 11, 2025

Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced...
High | Unreviewed | CVE-2024-9134 was published Jan 11, 2025

Backup uploads to ETM subject to man-in-the-middle interception
High | Unreviewed | CVE-2024-47519 was published Jan 11, 2025

A user with advanced report application access rights can perform actions for which they are not...
High | Unreviewed | CVE-2024-47520 was published Jan 11, 2025

Specially constructed queries cause cross platform scripting leaking administrator tokens
High | Unreviewed | CVE-2024-9188 was published Jan 11, 2025

A user with administrator privileges can perform command injection
High | Unreviewed | CVE-2024-9131 was published Jan 11, 2025

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful...
High | Unreviewed | CVE-2024-13291 was published Jan 9, 2025

** DISPUTED ** A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5...
High | Unreviewed | CVE-2024-7886 was published Aug 17, 2024

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a...
High | Unreviewed | CVE-2023-29543 was published Jun 2, 2023

Memory corruption while processing TPC target power table in FTM TPC.
High | Unreviewed | CVE-2023-43549 was published Mar 4, 2024

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden...
High | Unreviewed | CVE-2022-48655 was published Apr 28, 2024

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18...
High | Unreviewed | CVE-2018-5996 was published May 13, 2022

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before...
High | Unreviewed | CVE-2017-17969 was published May 14, 2022

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena®...
High | Unreviewed | CVE-2024-12175 was published Dec 19, 2024

Memory corruption while parsing qcp clip with invalid chunk data size.
High | Unreviewed | CVE-2023-43548 was published Mar 4, 2024

In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user...
High | Unreviewed | CVE-2024-46464 was published Jan 10, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request...
High | Unreviewed | CVE-2024-13244 was published Jan 9, 2025

Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful...
High | Unreviewed | CVE-2024-13256 was published Jan 9, 2025

Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege...
High | Unreviewed | CVE-2024-13251 was published Jan 9, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross...
High | Unreviewed | CVE-2024-13250 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API.