GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,081
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,642
NuGet: 638
pip: 3,258
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
228,995 advisories
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain...
Severity: Moderate (Unreviewed)
CVE-2024-23586 was published Sep 28, 2024

A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05...
Severity: Unknown (Unreviewed)
CVE-2024-46453 was published Sep 27, 2024

A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by...
Severity: Moderate (Unreviewed)
CVE-2024-9293 was published Sep 27, 2024

In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.
Severity: Moderate (Unreviewed)
CVE-2024-9160 was published Sep 27, 2024

Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote...
Severity: High (Unreviewed)
CVE-2024-33369 was published Sep 27, 2024

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to...
Severity: Moderate (Unreviewed)
CVE-2024-9291 was published Sep 27, 2024

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could...
Severity: High (Unreviewed)
CVE-2024-6436 was published Sep 27, 2024

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary...
Severity: High (Unreviewed)
CVE-2024-33368 was published Sep 27, 2024

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an...
Severity: Unknown (Unreviewed)
CVE-2024-46256 was published Sep 27, 2024

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2...
Severity: Unknown (Unreviewed)
CVE-2024-46257 was published Sep 27, 2024

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises...
Severity: High (Unreviewed)
CVE-2024-6983 was published Sep 27, 2024

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session...
Severity: High (Unreviewed)
CVE-2024-39275 was published Sep 27, 2024

A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical....
Severity: High (Unreviewed)
CVE-2024-9284 was published Sep 27, 2024

A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute...
Severity: Unknown (Unreviewed)
CVE-2024-25412 was published Sep 27, 2024

OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform...
Severity: Critical (Unreviewed)
CVE-2024-6981 was published Sep 27, 2024

Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64...
Severity: Moderate (Unreviewed)
CVE-2024-37187 was published Sep 27, 2024

Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete...
Severity: Critical (Unreviewed)
CVE-2024-8630 was published Sep 27, 2024

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western...
Severity: Critical (Unreviewed)
CVE-2024-22170 was published Sep 27, 2024

Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an...
Severity: High (Unreviewed)
CVE-2024-28948 was published Sep 27, 2024

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests...
Severity: High (Unreviewed)
CVE-2024-38308 was published Sep 27, 2024

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user....
Severity: High (Unreviewed)
CVE-2024-39364 was published Sep 27, 2024

OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the...
Severity: Critical (Unreviewed)
CVE-2024-8310 was published Sep 27, 2024

Advantech ADAM-5630 shares user credentials plain text between the device and the user source...
Severity: Moderate (Unreviewed)
CVE-2024-34542 was published Sep 27, 2024

A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute...
Severity: Moderate (Unreviewed)
CVE-2024-25411 was published Sep 27, 2024

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
Severity: High (Unreviewed)
CVE-2024-46366 was published Sep 27, 2024
ProTip! Advisories are also available from the GraphQL API.