GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,133
Erlang: 29
GitHub Actions: 19
Go: 1,939
Maven: 5,000+
npm: 3,677
NuGet: 643
pip: 3,295
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,187 advisories
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries...
Critical · Unreviewed · CVE-2024-9264 was published Oct 18, 2024

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality....
Critical · Unreviewed · CVE-2024-10118 was published Oct 18, 2024

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An...
Critical · Unreviewed · CVE-2024-10119 was published Oct 18, 2024

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque...
Critical · Unreviewed · CVE-2024-49195 was published Oct 15, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical · Unreviewed · CVE-2024-48153 was published Oct 14, 2024

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the...
Critical · Unreviewed · CVE-2024-4320 was published Jun 6, 2024

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when...
Critical · Unreviewed · CVE-2021-20204 was published May 24, 2022

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical · Unreviewed · CVE-2024-3033 was published Jun 6, 2024

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which...
Critical · Unreviewed · CVE-2024-48180 was published Oct 16, 2024

An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker...
Critical · Unreviewed · CVE-2024-48779 was published Oct 15, 2024

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code...
Critical · Unreviewed · CVE-2024-2360 was published Jun 6, 2024

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows...
Critical · Unreviewed · CVE-2024-2362 was published Jun 6, 2024

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege...
Critical · Unreviewed · CVE-2023-28805 was published Oct 23, 2023

Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program...
Critical · Unreviewed · CVE-2024-49314 was published Oct 17, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2024-49246 was published Oct 17, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2024-49305 was published Oct 17, 2024

Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in...
Critical · Unreviewed · CVE-2024-49217 was published Oct 17, 2024

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress...
Critical · Unreviewed · CVE-2024-49322 was published Oct 17, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This...
Critical · Unreviewed · CVE-2024-49291 was published Oct 17, 2024

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker...
Critical · Unreviewed · CVE-2024-49397 was published Oct 17, 2024

Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object...
Critical · Unreviewed · CVE-2024-49318 was published Oct 17, 2024

HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of...
Critical · Unreviewed · CVE-2024-32608 was published Oct 9, 2024

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ...
Critical · Unreviewed · CVE-2024-23786 was published Oct 17, 2024

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Critical · Unreviewed · CVE-2024-21216 was published Oct 15, 2024

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the...
Critical · Unreviewed · CVE-2023-50808 was published Feb 13, 2024
ProTip! Advisories are also available from the GraphQL API.