GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
19,966 advisories
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack...
Critical | Unreviewed | CVE-2024-27185 was published Aug 20, 2024

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that...
Critical | Unreviewed | CVE-2024-8752 was published Sep 16, 2024

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the...
Critical | Unreviewed | CVE-2024-46958 was published Sep 16, 2024

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run...
Critical | Unreviewed | CVE-2024-45489 was published Sep 20, 2024

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the...
Critical | Unreviewed | CVE-2024-41721 was published Sep 20, 2024

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical | Unreviewed | CVE-2024-7098 was published Sep 16, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-6401 was published Sep 16, 2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org...
Critical | Unreviewed | CVE-2024-46918 was published Sep 16, 2024

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical | Unreviewed | CVE-2024-46937 was published Sep 16, 2024

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and...
Critical | Unreviewed | CVE-2024-24691 was published Feb 14, 2024

An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x...
Critical | Unreviewed | CVE-2024-45523 was published Sep 18, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww...
Critical | Unreviewed | CVE-2024-7104 was published Sep 16, 2024

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10...
Critical | Unreviewed | CVE-2024-33109 was published Sep 19, 2024

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process....
Critical | Unreviewed | CVE-2024-9043 was published Sep 20, 2024

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical | Unreviewed | CVE-2024-8853 was published Sep 20, 2024

Buffer Overflow vulnerability in btstack mesh commit before v...
Critical | Unreviewed | CVE-2024-40568 was published Sep 18, 2024

Best House Rental Management System 1.0 contains a SQL injection vulnerability in the...
Critical | Unreviewed | CVE-2024-46374 was published Sep 18, 2024

Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute...
Critical | Unreviewed | CVE-2024-43042 was published Aug 16, 2024

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables...
Critical | Unreviewed | CVE-2024-45159 was published Sep 5, 2024

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This...
Critical | Unreviewed | CVE-2024-7591 was published Sep 5, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the...
Critical | Unreviewed | CVE-2024-46377 was published Sep 18, 2024

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...
Critical | Unreviewed | CVE-2023-0636 was published Jul 6, 2023

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to...
Critical | Unreviewed | CVE-2024-8963 was published Sep 19, 2024

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if...
Critical | Unreviewed | CVE-2024-45861 was published Sep 19, 2024

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or...
Critical | Unreviewed | CVE-2023-5365 was published Oct 9, 2023
ProTip! Advisories are also available from the GraphQL API.