GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
111,761 advisories
Memory corruption while processing IOCTL call invoked from user-space to verify non extension...
High | Unreviewed | CVE-2024-45547 was published Jan 6, 2025

Memory corruption can occur when process-specific maps are added to the global list. If a map is...
High | Unreviewed | CVE-2024-45553 was published Jan 6, 2025

Memory corruption when IOCTL call is invoked from user-space to read board data.
High | Unreviewed | CVE-2024-45541 was published Jan 6, 2025

Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM...
High | Unreviewed | CVE-2024-45550 was published Jan 6, 2025

Memory corruption while processing IPA statistics, when there are no active clients registered.
High | Unreviewed | CVE-2024-21464 was published Jan 6, 2025

In wlan STA driver, there is a possible out of bounds write due to improper input validation....
High | Unreviewed | CVE-2024-20146 was published Jan 6, 2025

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial...
High | Unreviewed | CVE-2024-20150 was published Jan 6, 2025

In Modem, there is a possible system crash due to improper input validation. This could lead to...
High | Unreviewed | CVE-2024-20149 was published Jan 6, 2025

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead...
High | Unreviewed | CVE-2024-20154 was published Jan 6, 2025

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID....
High | Unreviewed | CVE-2024-20153 was published Jan 6, 2025

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL...
High | Unreviewed | CVE-2024-41767 was published Jan 4, 2025

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote...
High | Unreviewed | CVE-2024-41766 was published Jan 4, 2025

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object...
High | Unreviewed | CVE-2024-10957 was published Jan 4, 2025

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions...
High | Unreviewed | CVE-2024-10932 was published Jan 4, 2025

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity...
High | Unreviewed | CVE-2025-22389 was published Jan 4, 2025

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity...
High | Unreviewed | CVE-2025-22390 was published Jan 4, 2025

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity...
High | Unreviewed | CVE-2025-22386 was published Jan 4, 2025

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity...
High | Unreviewed | CVE-2025-22387 was published Jan 4, 2025

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity...
High | Unreviewed | CVE-2025-22384 was published Jan 4, 2025

A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by...
High | Unreviewed | CVE-2024-13129 was published Jan 4, 2025

The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode...
High | Unreviewed | CVE-2024-11733 was published Jan 4, 2025

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component...
High | Unreviewed | CVE-2024-35365 was published Jan 3, 2025

PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file
High | CVE-2024-56409 was published for phpoffice/phpexcel (Composer) Jan 3, 2025

PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file
High | CVE-2024-56366 was published for phpoffice/phpexcel (Composer) Jan 3, 2025

PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class
High | CVE-2024-56365 was published for phpoffice/phpexcel (Composer) Jan 3, 2025