GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
97,391 advisories
An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code...
High | Unreviewed | CVE-2024-46441 was published Sep 27, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2024-8607 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-8608 was published Sep 27, 2024
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows...
High | Unreviewed | CVE-2024-8609 was published Sep 27, 2024
In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This...
High | Unreviewed | CVE-2024-39432 was published Sep 27, 2024
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High | Unreviewed | CVE-2024-6931 was published Sep 27, 2024
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the...
High | Unreviewed | CVE-2024-7400 was published Sep 27, 2024
In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This...
High | Unreviewed | CVE-2024-39431 was published Sep 27, 2024
A flaw was found in freeimage library. Processing a crafted image can cause a buffer over-read of...
High | Unreviewed | CVE-2024-9029 was published Sep 27, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time...
High | Unreviewed | CVE-2024-9130 was published Sep 27, 2024
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is...
High | Unreviewed | CVE-2024-8922 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain...
High | Unreviewed | CVE-2024-40508 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain...
High | Unreviewed | CVE-2024-40506 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain...
High | Unreviewed | CVE-2024-40507 was published Sep 27, 2024
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE)...
High | Unreviewed | CVE-2024-46628 was published Sep 26, 2024
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in...
High | Unreviewed | CVE-2024-6769 was published Sep 26, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High | CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL
High | CVE-2024-22030 was published for github.com/rancher/rancher (Go) Sep 26, 2024
The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys....
High | Unreviewed | CVE-2024-45723 was published Sep 26, 2024
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker...
High | Unreviewed | CVE-2024-47125 was published Sep 26, 2024
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an...
High | Unreviewed | CVE-2024-39577 was published Sep 26, 2024
The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys...
High | Unreviewed | CVE-2024-47130 was published Sep 26, 2024
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The...
High | Unreviewed | CVE-2024-47126 was published Sep 26, 2024
A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the...
High | Unreviewed | CVE-2024-45982 was published Sep 26, 2024
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an...
High | Unreviewed | CVE-2024-37125 was published Sep 26, 2024