Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23,060 advisories

Loading
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows... Critical Unreviewed
CVE-2024-34331 was published Sep 23, 2024
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account... Critical Unreviewed
CVE-2024-0002 was published Sep 23, 2024
A condition exists in FlashArray Purity whereby a local account intended for initial array... Critical Unreviewed
CVE-2024-0001 was published Sep 23, 2024
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute... Critical Unreviewed
CVE-2024-0005 was published Sep 23, 2024
A condition exists in FlashArray Purity whereby a malicious user could use a remote... Critical Unreviewed
CVE-2024-0003 was published Sep 23, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-7735 was published Sep 23, 2024
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows... Critical Unreviewed
CVE-2024-8606 was published Sep 23, 2024
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. Critical Unreviewed
CVE-2024-47218 was published Sep 22, 2024
GDidees CMS <= v3.9.1 has a file upload vulnerability. Critical Unreviewed
CVE-2024-46101 was published Sep 20, 2024
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although... Critical Unreviewed
CVE-2024-46640 was published Sep 20, 2024
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. Critical Unreviewed
CVE-2024-46103 was published Sep 20, 2024
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run... Critical Unreviewed
CVE-2024-45489 was published Sep 20, 2024
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Critical Unreviewed
CVE-2024-46652 was published Sep 20, 2024
Navidrome has Multiple SQL Injections and ORM Leak Critical
CVE-2024-47062 was published for github.com/navidrome/navidrome (Go) Sep 20, 2024
snyff
Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process.... Critical Unreviewed
CVE-2024-9043 was published Sep 20, 2024
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2024-8853 was published Sep 20, 2024
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the... Critical Unreviewed
CVE-2024-41721 was published Sep 20, 2024
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10... Critical Unreviewed
CVE-2024-33109 was published Sep 19, 2024
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to... Critical Unreviewed
CVE-2024-8963 was published Sep 19, 2024
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM... Critical Unreviewed
CVE-2024-31570 was published Sep 19, 2024
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if... Critical Unreviewed
CVE-2024-45861 was published Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-7785 was published Sep 19, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database