GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,322
Composer 4,131
Erlang 29
GitHub Actions 19
Go 1,936
Maven 5,131
npm 3,676
NuGet 642
pip 3,292
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,509

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,141 advisories

Filter by severity

Sort by

Least recently updated

RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code... Critical Unreviewed

CVE-2024-46076 was published Oct 7, 2024

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs... Critical Unreviewed

CVE-2024-46446 was published Oct 7, 2024

Memory corruption while redirecting log file to any file location with any file name. Critical Unreviewed

CVE-2024-33066 was published Oct 7, 2024

SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by... Critical Unreviewed

CVE-2024-9574 was published Oct 7, 2024

In wlan driver, there is a possible out of bounds write due to improper input validation. This... Critical Unreviewed

CVE-2024-20100 was published Oct 7, 2024

In wlan firmware, there is a possible out of bounds write due to improper input validation. This... Critical Unreviewed

CVE-2024-20103 was published Oct 7, 2024

In wlan driver, there is a possible out of bounds write due to improper input validation. This... Critical Unreviewed

CVE-2024-20101 was published Oct 7, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-47350 was published Oct 6, 2024

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed

CVE-2024-45251 was published Oct 6, 2024

Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Critical Unreviewed

CVE-2024-45249 was published Oct 6, 2024

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed

CVE-2024-45252 was published Oct 6, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed

CVE-2024-44014 was published Oct 5, 2024

TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a... Critical Unreviewed

CVE-2023-26770 was published Oct 4, 2024

This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect... Critical Unreviewed

CVE-2024-47656 was published Oct 4, 2024

The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication... Critical Unreviewed

CVE-2024-45367 was published Oct 4, 2024

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx.... Critical Unreviewed

CVE-2024-43699 was published Oct 4, 2024

The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly... Critical Unreviewed

CVE-2024-41925 was published Oct 4, 2024

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via... Critical Unreviewed

CVE-2024-41593 was published Oct 3, 2024

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS... Critical Unreviewed

CVE-2024-41988 was published Oct 3, 2024

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0... Critical Unreviewed

CVE-2024-45519 was published Oct 3, 2024

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection... Critical Unreviewed

CVE-2024-9441 was published Oct 2, 2024

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)... Critical Unreviewed

CVE-2024-20432 was published Oct 2, 2024

According to the researcher: "The TLS connections are encrypted against tampering or... Critical Unreviewed

CVE-2024-44097 was published Oct 2, 2024

An unauthenticated remote attacker may use a missing authentication for critical function... Critical Unreviewed

CVE-2024-35293 was published Oct 2, 2024

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. Critical Unreviewed

CVE-2024-45186 was published Oct 2, 2024

Previous 1 2 3 4 5 6 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,141 advisories