GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
22,106 advisories
The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation...
Critical, Unreviewed. CVE-2024-7202 was published Jul 29, 2024

The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation...
Critical, Unreviewed. CVE-2024-7201 was published Jul 29, 2024

The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not...
Critical, Unreviewed. CVE-2024-5670 was published Jul 29, 2024

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset...
Critical, Unreviewed. CVE-2024-24621 was published Jul 26, 2024

Access control vulnerability in the security verification module. Impact: Successful exploitation...
Critical, Unreviewed. CVE-2024-39671 was published Jul 25, 2024

Remote code execution in Spring Cloud Data Flow
Critical. CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via...
Critical, Unreviewed. CVE-2024-41459 was published Jul 24, 2024

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via...
Critical, Unreviewed. CVE-2024-41460 was published Jul 24, 2024

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via...
Critical, Unreviewed. CVE-2024-41461 was published Jul 24, 2024

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via...
Critical, Unreviewed. CVE-2024-41551 was published Jul 24, 2024

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
Critical, Unreviewed. CVE-2024-40422 was published Jul 24, 2024

In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code...
Critical, Unreviewed. CVE-2024-6327 was published Jul 24, 2024

Remote command execution due to use of default passwords. The following products are affected:...
Critical, Unreviewed. CVE-2023-45249 was published Jul 24, 2024

An improper access control vulnerability in GroupMe allows an unauthenticated attacker to...
Critical, Unreviewed. CVE-2024-38164 was published Jul 24, 2024

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2024-41319 was published Jul 23, 2024

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ...
Critical, Unreviewed. CVE-2024-6794 was published Jul 22, 2024

A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that...
Critical, Unreviewed. CVE-2024-6793 was published Jul 22, 2024

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project...
Critical, Unreviewed. CVE-2024-6806 was published Jul 22, 2024

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to...
Critical, Unreviewed. CVE-2024-6912 was published Jul 22, 2024

Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a...
Critical, Unreviewed. CVE-2024-6913 was published Jul 22, 2024

All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ...
Critical, Unreviewed. CVE-2024-21552 was published Jul 22, 2024

Ankitects Anki arbitrary script execution vulnerability
Critical. CVE-2024-26020 was published for anki (pip) Jul 22, 2024

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5...
Critical, Unreviewed. CVE-2024-37998 was published Jul 22, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-38773 was published Jul 22, 2024

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"...
Critical, Unreviewed. CVE-2024-37391 was published Jul 22, 2024
ProTip! Advisories are also available from the GraphQL API