GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,838 advisories
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code...
High
Unreviewed
CVE-2024-9593
was published
Oct 18, 2024
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries...
Critical
Unreviewed
CVE-2024-9264
was published
Oct 18, 2024
An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the...
Moderate
Unreviewed
CVE-2024-27766
was published
Oct 18, 2024
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.
Critical
Unreviewed
CVE-2023-26785
was published
Oct 18, 2024
Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB v10.5 allows authenticated...
Moderate
Unreviewed
CVE-2023-39593
was published
Oct 18, 2024
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected...
Moderate
Unreviewed
CVE-2024-10073
was published
Oct 17, 2024
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of...
High
Unreviewed
CVE-2024-45766
was published
Oct 17, 2024
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in...
Moderate
Unreviewed
CVE-2024-48744
was published
Oct 16, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code...
Critical
Unreviewed
CVE-2024-49254
was published
Oct 16, 2024
The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is...
High
Unreviewed
CVE-2024-9061
was published
Oct 16, 2024
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration &...
High
Unreviewed
CVE-2024-48279
was published
Oct 15, 2024
The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-9837
was published
Oct 15, 2024
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link...
Critical
Unreviewed
CVE-2024-48168
was published
Oct 14, 2024
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A...
Moderate
Unreviewed
CVE-2024-41997
was published
Oct 14, 2024
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection...
Moderate
Unreviewed
CVE-2024-8760
was published
Oct 12, 2024
A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This...
High
Unreviewed
CVE-2024-44414
was published
Oct 11, 2024
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(npm)
Oct 11, 2024
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High
Unreviewed
CVE-2024-9581
was published
Oct 10, 2024
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary...
Critical
Unreviewed
CVE-2024-45873
was published
Oct 8, 2024
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code ...
Critical
Unreviewed
CVE-2024-45874
was published
Oct 8, 2024
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code...
Critical
Unreviewed
CVE-2024-46076
was published
Oct 7, 2024
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute...
Moderate
Unreviewed
CVE-2024-45933
was published
Oct 7, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Moderate
Unreviewed
CVE-2024-8254
was published
Oct 2, 2024
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Critical
Unreviewed
CVE-2024-45186
was published
Oct 2, 2024
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip...
High
Unreviewed
CVE-2024-46080
was published
Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API.