GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,324
Erlang: 31
GitHub Actions: 21
Go: 2,087
Maven: 5,000+
npm: 3,751
NuGet: 674
pip: 3,437
Pub: 12
RubyGems: 892
Rust: 881
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
102,407 advisories
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability....
High | Unreviewed | CVE-2024-6203 was published Aug 6, 2024

Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.
High | Unreviewed | CVE-2024-6781 was published Aug 6, 2024

Name confusion in x509 Subject Alternative Name fields
High | CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024

projectdiscovery/nuclei allows unsigned code template execution through workflows
High | CVE-2024-40641 was published for github.com/projectdiscovery/nuclei/v3 (Go) Jul 17, 2024

Sylius has a security vulnerability via adjustments API endpoint
High | CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...
High | Unreviewed | CVE-2018-0824 was published May 14, 2022

The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via...
High | Unreviewed | CVE-2023-5000 was published Aug 6, 2024

The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High | Unreviewed | CVE-2024-7485 was published Aug 6, 2024

The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High | Unreviewed | CVE-2024-6315 was published Aug 6, 2024

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2024-7484 was published Aug 6, 2024

Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris...
High | Unreviewed | CVE-2024-5828 was published Aug 6, 2024

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can...
High | Unreviewed | CVE-2024-25736 was published Mar 27, 2024

The ParseAddressList function incorrectly handles comments (text within parentheses) within...
High | Unreviewed | CVE-2024-24784 was published Mar 6, 2024

A remote code execution vulnerability has been identified in the User Defined Tags module of CMS...
High | Unreviewed | CVE-2024-27622 was published Mar 5, 2024

Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3...
High | Unreviewed | CVE-2023-51147 was published Mar 27, 2024

Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery ...
High | Unreviewed | CVE-2024-22873 was published Feb 26, 2024

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized...
High | Unreviewed | CVE-2024-42161 was published Jul 30, 2024

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default...
High | Unreviewed | CVE-2024-41690 was published Jul 26, 2024

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of...
High | Unreviewed | CVE-2024-28551 was published Mar 26, 2024

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.
High | Unreviewed | CVE-2024-41376 was published Aug 5, 2024

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials...
High | Unreviewed | CVE-2024-41691 was published Jul 26, 2024

In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped...
High | Unreviewed | CVE-2024-42162 was published Jul 30, 2024

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the...
High | Unreviewed | CVE-2024-28286 was published Mar 21, 2024

VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via...
High | Unreviewed | CVE-2024-26577 was published Mar 27, 2024

TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer...
High | Unreviewed | CVE-2023-52729 was published May 5, 2024

ProTip! Advisories are also available from the GraphQL API