Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

97,391 advisories

Loading
An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code... High Unreviewed
CVE-2024-46441 was published Sep 27, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-8607 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-8608 was published Sep 27, 2024
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows... High Unreviewed
CVE-2024-8609 was published Sep 27, 2024
In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This... High Unreviewed
CVE-2024-39432 was published Sep 27, 2024
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed
CVE-2024-6931 was published Sep 27, 2024
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the... High Unreviewed
CVE-2024-7400 was published Sep 27, 2024
In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This... High Unreviewed
CVE-2024-39431 was published Sep 27, 2024
A flaw was found in freeimage library. Processing a crafted image can cause a buffer over-read of... High Unreviewed
CVE-2024-9029 was published Sep 27, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time... High Unreviewed
CVE-2024-9130 was published Sep 27, 2024
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is... High Unreviewed
CVE-2024-8922 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40508 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40506 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40507 was published Sep 27, 2024
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2024-46628 was published Sep 26, 2024
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in... High Unreviewed
CVE-2024-6769 was published Sep 26, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL High
CVE-2024-22030 was published for github.com/rancher/rancher (Go) Sep 26, 2024
The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys.... High Unreviewed
CVE-2024-45723 was published Sep 26, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker... High Unreviewed
CVE-2024-47125 was published Sep 26, 2024
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an... High Unreviewed
CVE-2024-39577 was published Sep 26, 2024
The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys... High Unreviewed
CVE-2024-47130 was published Sep 26, 2024
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The... High Unreviewed
CVE-2024-47126 was published Sep 26, 2024
A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the... High Unreviewed
CVE-2024-45982 was published Sep 26, 2024
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an... High Unreviewed
CVE-2024-37125 was published Sep 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database