GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
22,982 advisories
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS)...
Critical, Unreviewed. CVE-2024-8887 was published Sep 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-43978 was published Sep 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-44004 was published Sep 18, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-43976 was published Sep 18, 2024

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication...
Critical, Unreviewed. CVE-2024-8956 was published Sep 17, 2024

hermes-management is vulnerable to RCE due to Apache commons-jxpath
Critical. GHSA-2gh6-wc3m-g37f was published for pl.allegro.tech.hermes:hermes-management (Maven) Sep 17, 2024

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical, Unreviewed. CVE-2024-38812 was published Sep 17, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),...
Critical, Unreviewed. CVE-2024-7873 was published Sep 17, 2024

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The...
Critical, Unreviewed. CVE-2024-8767 was published Sep 17, 2024

OpenShift Controller Manager Improper Privilege Management
Critical. CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024

OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
Critical. CVE-2024-7387 was published for github.com/openshift/builder (Go) Sep 17, 2024

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in...
Critical, Unreviewed. CVE-2024-45415 was published Sep 16, 2024

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in...
Critical, Unreviewed. CVE-2024-45414 was published Sep 16, 2024

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that...
Critical, Unreviewed. CVE-2024-8752 was published Sep 16, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww...
Critical, Unreviewed. CVE-2024-7104 was published Sep 16, 2024

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical, Unreviewed. CVE-2024-7098 was published Sep 16, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-6401 was published Sep 16, 2024

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer...
Critical, Unreviewed. CVE-2024-45694 was published Sep 16, 2024

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is...
Critical, Unreviewed. CVE-2024-45697 was published Sep 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the...
Critical, Unreviewed. CVE-2024-46451 was published Sep 16, 2024

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical, Unreviewed. CVE-2024-46937 was published Sep 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg...
Critical, Unreviewed. CVE-2024-46419 was published Sep 16, 2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org...
Critical, Unreviewed. CVE-2024-46918 was published Sep 16, 2024

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer...
Critical, Unreviewed. CVE-2024-45695 was published Sep 16, 2024

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL...
Critical, Unreviewed. CVE-2024-8669 was published Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API.