GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
249,130 advisories
Filter by severity
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is...
High
Unreviewed
CVE-2024-3052
was published
Apr 27, 2024
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware...
Moderate
Unreviewed
CVE-2023-51392
was published
Feb 23, 2024
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the...
Moderate
Unreviewed
CVE-2023-6533
was published
Feb 21, 2024
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end...
High
Unreviewed
CVE-2024-3051
was published
Apr 27, 2024
The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its...
Moderate
Unreviewed
CVE-2024-6850
was published
Sep 13, 2024
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an...
High
Unreviewed
CVE-2024-36475
was published
Jul 17, 2024
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank...
Moderate
Unreviewed
CVE-2024-9040
was published
Sep 20, 2024
The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating...
Moderate
Unreviewed
CVE-2024-8093
was published
Sep 17, 2024
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and...
Moderate
Unreviewed
CVE-2023-6640
was published
Feb 21, 2024
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint...
Moderate
Unreviewed
CVE-2023-5310
was published
Dec 15, 2023
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an...
Moderate
Unreviewed
CVE-2023-46170
was published
Mar 7, 2024
Advantech ADAM-5630
has built-in commands that can be executed without authenticating the
user....
High
Unreviewed
CVE-2024-39364
was published
Sep 27, 2024
Advantech ADAM-5630 shares user credentials plain text between the device and the user source...
Moderate
Unreviewed
CVE-2024-34542
was published
Sep 27, 2024
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64...
Moderate
Unreviewed
CVE-2024-37187
was published
Sep 27, 2024
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an...
Unknown
Unreviewed
CVE-2024-46256
was published
Sep 27, 2024
A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2...
Unknown
Unreviewed
CVE-2024-46257
was published
Sep 27, 2024
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML...
Moderate
Unreviewed
CVE-2024-45745
was published
Sep 27, 2024
OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the...
Critical
Unreviewed
CVE-2024-8310
was published
Sep 27, 2024
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a
session...
High
Unreviewed
CVE-2024-39275
was published
Sep 27, 2024
A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical....
High
Unreviewed
CVE-2024-9284
was published
Sep 27, 2024
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with...
Low
Unreviewed
CVE-2024-45744
was published
Sep 27, 2024
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute...
Unknown
Unreviewed
CVE-2024-25412
was published
Sep 27, 2024
OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform...
Critical
Unreviewed
CVE-2024-6981
was published
Sep 27, 2024
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete...
Critical
Unreviewed
CVE-2024-8630
was published
Sep 27, 2024
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western...
Critical
Unreviewed
CVE-2024-22170
was published
Sep 27, 2024
ProTip!
Advisories are also available from the
GraphQL API