GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
23,998 advisories
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection...
Critical | Unreviewed | CVE-2024-54372 was published Dec 16, 2024

Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection...
Critical | Unreviewed | CVE-2024-54368 was published Dec 16, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo...
Critical | Unreviewed | CVE-2024-54370 was published Dec 16, 2024

Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality...
Critical | Unreviewed | CVE-2024-54369 was published Dec 16, 2024

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter...
Critical | Unreviewed | CVE-2024-49775 was published Dec 16, 2024

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The...
Critical | Unreviewed | CVE-2024-12641 was published Dec 16, 2024

DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during...
Critical | Unreviewed | CVE-2024-55969 was published Dec 15, 2024

In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to...
Critical | Unreviewed | CVE-2023-29476 was published Dec 14, 2024

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an...
Critical | Unreviewed | CVE-2024-55956 was published Dec 13, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-54292 was published Dec 13, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech...
Critical | Unreviewed | CVE-2024-54294 was published Dec 13, 2024

Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation. This...
Critical | Unreviewed | CVE-2024-54293 was published Dec 13, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp...
Critical | Unreviewed | CVE-2024-54295 was published Dec 13, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in www.vbsso.com vBSSO...
Critical | Unreviewed | CVE-2024-54297 was published Dec 13, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool...
Critical | Unreviewed | CVE-2024-54296 was published Dec 13, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-54234 was published Dec 13, 2024

Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege...
Critical | Unreviewed | CVE-2024-54239 was published Dec 13, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-54261 was published Dec 13, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export...
Critical | Unreviewed | CVE-2024-54262 was published Dec 13, 2024

Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object...
Critical | Unreviewed | CVE-2024-54273 was published Dec 13, 2024

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support...
Critical | Unreviewed | CVE-2022-46838 was published Dec 13, 2024

Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a...
Critical | Unreviewed | CVE-2024-11986 was published Dec 13, 2024

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in...
Critical | Unreviewed | CVE-2024-21576 was published Dec 13, 2024

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()...
Critical | Unreviewed | CVE-2024-21577 was published Dec 13, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-52057 was published Dec 13, 2024
ProTip! Advisories are also available from the GraphQL API.