GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,335
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,939
Maven 5,134
npm 3,677
NuGet 643
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,798

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,187 advisories

Filter by severity

Sort by

Least recently updated

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries... Critical Unreviewed

CVE-2024-9264 was published Oct 18, 2024

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality.... Critical Unreviewed

CVE-2024-10118 was published Oct 18, 2024

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An... Critical Unreviewed

CVE-2024-10119 was published Oct 18, 2024

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque... Critical Unreviewed

CVE-2024-49195 was published Oct 15, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed

CVE-2024-48153 was published Oct 14, 2024

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the... Critical Unreviewed

CVE-2024-4320 was published Jun 6, 2024

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when... Critical Unreviewed

CVE-2021-20204 was published May 24, 2022

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed

CVE-2024-3033 was published Jun 6, 2024

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which... Critical Unreviewed

CVE-2024-48180 was published Oct 16, 2024

An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker... Critical Unreviewed

CVE-2024-48779 was published Oct 15, 2024

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code... Critical Unreviewed

CVE-2024-2360 was published Jun 6, 2024

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows... Critical Unreviewed

CVE-2024-2362 was published Jun 6, 2024

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege... Critical Unreviewed

CVE-2023-28805 was published Oct 23, 2023

Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program... Critical Unreviewed

CVE-2024-49314 was published Oct 17, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-49246 was published Oct 17, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-49305 was published Oct 17, 2024

Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in... Critical Unreviewed

CVE-2024-49217 was published Oct 17, 2024

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress... Critical Unreviewed

CVE-2024-49322 was published Oct 17, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This... Critical Unreviewed

CVE-2024-49291 was published Oct 17, 2024

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker... Critical Unreviewed

CVE-2024-49397 was published Oct 17, 2024

Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object... Critical Unreviewed

CVE-2024-49318 was published Oct 17, 2024

HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of... Critical Unreviewed

CVE-2024-32608 was published Oct 9, 2024

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ... Critical Unreviewed

CVE-2024-23786 was published Oct 17, 2024

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Critical Unreviewed

CVE-2024-21216 was published Oct 15, 2024

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the... Critical Unreviewed

CVE-2023-50808 was published Feb 13, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,187 advisories