Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,469 advisories

Loading
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-11028 was published Nov 13, 2024
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due... Critical Unreviewed
CVE-2024-11150 was published Nov 13, 2024
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2024-10820 was published Nov 13, 2024
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when... Critical Unreviewed
CVE-2024-10575 was published Nov 13, 2024
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability... Critical Unreviewed
CVE-2024-8938 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy... Critical Unreviewed
CVE-2024-39710 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed
CVE-2024-39711 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti... Critical Unreviewed
CVE-2024-39712 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti... Critical Unreviewed
CVE-2024-38656 was published Nov 13, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed
CVE-2024-38655 was published Nov 13, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10218 was published Nov 12, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10217 was published Nov 12, 2024
Windows Kerberos Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-43639 was published Nov 12, 2024
Azure CycleCloud Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-43602 was published Nov 12, 2024
An authentication bypass vulnerability exists in the affected product. The vulnerability exists... Critical Unreviewed
CVE-2024-10943 was published Nov 12, 2024
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6... Critical Unreviewed
CVE-2024-50330 was published Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed
CVE-2024-11005 was published Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed
CVE-2024-11006 was published Nov 12, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure... Critical Unreviewed
CVE-2024-11007 was published Nov 12, 2024
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data... Critical Unreviewed
CVE-2024-8074 was published Nov 12, 2024
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910... Critical Unreviewed
CVE-2024-44102 was published Nov 12, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Critical Unreviewed
CVE-2024-46890 was published Nov 12, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Critical Unreviewed
CVE-2024-46888 was published Nov 12, 2024
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2024-10245 was published Nov 12, 2024
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer... Critical Unreviewed
CVE-2024-52533 was published Nov 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database