Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

22,982 advisories

Loading
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10... Critical Unreviewed
CVE-2024-33109 was published Sep 19, 2024
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to... Critical Unreviewed
CVE-2024-8963 was published Sep 19, 2024
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if... Critical Unreviewed
CVE-2024-45861 was published Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-7785 was published Sep 19, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive... Critical Unreviewed
CVE-2024-47088 was published Sep 19, 2024
LangChain Experimental Eval Injection vulnerability Critical
CVE-2024-46946 was published for langchain-experimental (pip) Sep 19, 2024
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the... Critical Unreviewed
CVE-2024-46375 was published Sep 18, 2024
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the... Critical Unreviewed
CVE-2024-46376 was published Sep 18, 2024
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the... Critical Unreviewed
CVE-2024-46377 was published Sep 18, 2024
Buffer Overflow vulnerability in btstack mesh commit before v... Critical Unreviewed
CVE-2024-40568 was published Sep 18, 2024
Best House Rental Management System 1.0 contains a SQL injection vulnerability in the... Critical Unreviewed
CVE-2024-46374 was published Sep 18, 2024
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An... Critical Unreviewed
CVE-2024-34399 was published Sep 18, 2024
Chaosblade vulnerable to OS command execution Critical
CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go) Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-5959 was published Sep 18, 2024
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain... Critical Unreviewed
CVE-2024-5960 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-5958 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-6877 was published Sep 18, 2024
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows... Critical Unreviewed
CVE-2024-6878 was published Sep 18, 2024
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser... Critical Unreviewed
CVE-2024-34026 was published Sep 18, 2024
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2024-44542 was published Sep 18, 2024
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1... Critical Unreviewed
CVE-2024-8888 was published Sep 18, 2024
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify... Critical Unreviewed
CVE-2024-8889 was published Sep 18, 2024
ProTip! Advisories are also available from the GraphQL API