Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23,060 advisories

Loading
Gradio allows users to access arbitrary files Critical
GHSA-m842-4qm8-7gpq was published for gradio (pip) Sep 25, 2024
PinkDraconian
TouchLink packets processed after timeout or out of range due to Operation on a Resource after... Critical Unreviewed
CVE-2023-41094 was published Oct 4, 2023
Heap-based Buffer Overflow in sqlite-vec Critical
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser... Critical Unreviewed
CVE-2024-34026 was published Sep 18, 2024
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive... Critical Unreviewed
CVE-2024-47088 was published Sep 19, 2024
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an... Critical Unreviewed
CVE-2024-22127 was published Mar 12, 2024
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9... Critical Unreviewed
CVE-2023-37759 was published Sep 8, 2023
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal Critical
CVE-2024-47169 was published for agnai (npm) Sep 26, 2024
ropwareJB
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-5958 was published Sep 18, 2024
The device enables an unauthorized attacker to execute system commands with elevated privileges.... Critical Unreviewed
CVE-2024-9166 was published Sep 26, 2024
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in... Critical Unreviewed
CVE-2023-40039 was published Sep 11, 2023
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-5959 was published Sep 18, 2024
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass... Critical Unreviewed
CVE-2024-8277 was published Sep 11, 2024
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a... Critical Unreviewed
CVE-2024-7772 was published Sep 26, 2024
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU)... Critical Unreviewed
CVE-2024-0132 was published Sep 26, 2024
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. Critical Unreviewed
CVE-2024-33868 was published May 14, 2024
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2024-30922 was published Apr 18, 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote... Critical Unreviewed
CVE-2024-7024 was published Sep 24, 2024
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business... Critical Unreviewed
CVE-2022-21587 was published Oct 19, 2022
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-6877 was published Sep 18, 2024
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an... Critical Unreviewed
CVE-2024-44677 was published Sep 10, 2024
A remote authentication bypass issue exists in some OneView APIs. Critical Unreviewed
CVE-2023-30909 was published Sep 14, 2023
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2021-35587 was published Jan 20, 2022
An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute... Critical Unreviewed
CVE-2024-23743 was published Jan 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database