Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

22,982 advisories

Loading
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS)... Critical Unreviewed
CVE-2024-8887 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-43978 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-44004 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-43976 was published Sep 18, 2024
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication... Critical Unreviewed
CVE-2024-8956 was published Sep 17, 2024
hermes-management is vulnerable to RCE due to Apache commons-jxpath Critical
GHSA-2gh6-wc3m-g37f was published for pl.allegro.tech.hermes:hermes-management (Maven) Sep 17, 2024
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC... Critical Unreviewed
CVE-2024-38812 was published Sep 17, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),... Critical Unreviewed
CVE-2024-7873 was published Sep 17, 2024
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The... Critical Unreviewed
CVE-2024-8767 was published Sep 17, 2024
OpenShift Controller Manager Improper Privilege Management Critical
CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer Critical
CVE-2024-7387 was published for github.com/openshift/builder (Go) Sep 17, 2024
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in... Critical Unreviewed
CVE-2024-45415 was published Sep 16, 2024
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in... Critical Unreviewed
CVE-2024-45414 was published Sep 16, 2024
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that... Critical Unreviewed
CVE-2024-8752 was published Sep 16, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww... Critical Unreviewed
CVE-2024-7104 was published Sep 16, 2024
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure... Critical Unreviewed
CVE-2024-7098 was published Sep 16, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-6401 was published Sep 16, 2024
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer... Critical Unreviewed
CVE-2024-45694 was published Sep 16, 2024
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is... Critical Unreviewed
CVE-2024-45697 was published Sep 16, 2024
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the... Critical Unreviewed
CVE-2024-46451 was published Sep 16, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties... Critical Unreviewed
CVE-2024-46937 was published Sep 16, 2024
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg... Critical Unreviewed
CVE-2024-46419 was published Sep 16, 2024
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org... Critical Unreviewed
CVE-2024-46918 was published Sep 16, 2024
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer... Critical Unreviewed
CVE-2024-45695 was published Sep 16, 2024
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-8669 was published Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API