GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,141 advisories
Filter by severity
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code...
Critical
Unreviewed
CVE-2024-46076
was published
Oct 7, 2024
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs...
Critical
Unreviewed
CVE-2024-46446
was published
Oct 7, 2024
Memory corruption while redirecting log file to any file location with any file name.
Critical
Unreviewed
CVE-2024-33066
was published
Oct 7, 2024
SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by...
Critical
Unreviewed
CVE-2024-9574
was published
Oct 7, 2024
In wlan driver, there is a possible out of bounds write due to improper input validation. This...
Critical
Unreviewed
CVE-2024-20100
was published
Oct 7, 2024
In wlan firmware, there is a possible out of bounds write due to improper input validation. This...
Critical
Unreviewed
CVE-2024-20103
was published
Oct 7, 2024
In wlan driver, there is a possible out of bounds write due to improper input validation. This...
Critical
Unreviewed
CVE-2024-20101
was published
Oct 7, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-47350
was published
Oct 6, 2024
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-45251
was published
Oct 6, 2024
Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Critical
Unreviewed
CVE-2024-45249
was published
Oct 6, 2024
Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command...
Critical
Unreviewed
CVE-2024-45252
was published
Oct 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-44014
was published
Oct 5, 2024
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a...
Critical
Unreviewed
CVE-2023-26770
was published
Oct 4, 2024
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect...
Critical
Unreviewed
CVE-2024-47656
was published
Oct 4, 2024
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication...
Critical
Unreviewed
CVE-2024-45367
was published
Oct 4, 2024
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx....
Critical
Unreviewed
CVE-2024-43699
was published
Oct 4, 2024
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly...
Critical
Unreviewed
CVE-2024-41925
was published
Oct 4, 2024
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-41593
was published
Oct 3, 2024
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS...
Critical
Unreviewed
CVE-2024-41988
was published
Oct 3, 2024
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection...
Critical
Unreviewed
CVE-2024-9441
was published
Oct 2, 2024
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)...
Critical
Unreviewed
CVE-2024-20432
was published
Oct 2, 2024
According to the researcher: "The TLS connections are encrypted against tampering or...
Critical
Unreviewed
CVE-2024-44097
was published
Oct 2, 2024
An unauthenticated remote attacker may use a missing authentication for critical function...
Critical
Unreviewed
CVE-2024-35293
was published
Oct 2, 2024
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Critical
Unreviewed
CVE-2024-45186
was published
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API