GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,350
Composer 4,652
Erlang 34
GitHub Actions 26
Go 2,257
Maven 5,512
npm 3,909
NuGet 704
pip 3,680
Pub 12
RubyGems 915
Rust 943
Swift 38

Unreviewed advisories

All unreviewed 253,100

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

253,100 advisories

Filter by severity

Sort by

Least recently updated

Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. High Unreviewed

CVE-2024-34897 was published Feb 3, 2025

An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with... Moderate Unreviewed

CVE-2024-56902 was published Feb 3, 2025

A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb... High Unreviewed

CVE-2024-56901 was published Feb 3, 2025

SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in Zimbra Collaboration 10.0.x... Critical Unreviewed

CVE-2025-25064 was published Feb 3, 2025

Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized... High Unreviewed

CVE-2024-56898 was published Feb 3, 2025

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker... High Unreviewed

CVE-2024-57669 was published Feb 3, 2025

An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users... High Unreviewed

CVE-2024-34896 was published Feb 3, 2025

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x... Moderate Unreviewed

CVE-2025-25065 was published Feb 3, 2025

Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to... Moderate Unreviewed

CVE-2024-44449 was published Feb 3, 2025

ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller... High Unreviewed

CVE-2024-57451 was published Feb 3, 2025

Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to... Moderate Unreviewed

CVE-2024-56946 was published Feb 3, 2025

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the... Moderate Unreviewed

CVE-2024-57237 was published Feb 3, 2025

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc... High Unreviewed

CVE-2024-57238 was published Feb 3, 2025

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated... Moderate Unreviewed

CVE-2024-57004 was published Feb 3, 2025

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing... Moderate Unreviewed

CVE-2024-11133 was published Feb 3, 2025

If LDAP settings are accessed, authentication could be redirected to another server, potentially... Moderate Unreviewed

CVE-2024-12510 was published Feb 3, 2025

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing... Moderate Unreviewed

CVE-2024-11134 was published Feb 3, 2025

The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all... High Unreviewed

CVE-2024-12859 was published Feb 3, 2025

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly... High Unreviewed

CVE-2024-12511 was published Feb 3, 2025

ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php. Moderate Unreviewed

CVE-2024-57097 was published Feb 3, 2025

ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller... High Unreviewed

CVE-2024-57452 was published Feb 3, 2025

Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to... Moderate Unreviewed

CVE-2024-57498 was published Feb 3, 2025

itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the... Moderate Unreviewed

CVE-2024-50656 was published Feb 3, 2025

The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in... Moderate Unreviewed

CVE-2024-11132 was published Feb 3, 2025

Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully... Critical Unreviewed

CVE-2024-57098 was published Feb 3, 2025

Previous 1 2 … 396 397 398 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

253,100 advisories