Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,983
Maven
5,000+
npm
3,701
NuGet
657
pip
3,325
Pub
11
RubyGems
882
Rust
835
Swift
35
Unreviewed advisories
All unreviewed
5,000+

99,048 advisories

Loading
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS).... High Unreviewed
CVE-2020-11859 was published Nov 6, 2024
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in... High Unreviewed
CVE-2024-10020 was published Nov 6, 2024
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress... High Unreviewed
CVE-2024-9946 was published Nov 6, 2024
Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function ... High Unreviewed
CVE-2024-51116 was published Nov 6, 2024
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line... High Unreviewed
CVE-2024-47463 was published Nov 6, 2024
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command... High Unreviewed
CVE-2024-47461 was published Nov 6, 2024
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line... High Unreviewed
CVE-2024-47462 was published Nov 6, 2024
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for... High Unreviewed
CVE-2024-10028 was published Nov 6, 2024
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an... High Unreviewed
CVE-2024-51240 was published Nov 5, 2024
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform... High Unreviewed
CVE-2024-51381 was published Nov 5, 2024
Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS... High Unreviewed
CVE-2024-51380 was published Nov 5, 2024
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the... High Unreviewed
CVE-2024-51382 was published Nov 5, 2024
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability... High Unreviewed
CVE-2024-51379 was published Nov 5, 2024
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT... High Unreviewed
CVE-2024-7995 was published Nov 5, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s... High Unreviewed
CVE-2023-29117 was published Nov 5, 2024
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware... High Unreviewed
CVE-2024-9579 was published Nov 5, 2024
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write... High Unreviewed
CVE-2024-49522 was published Nov 5, 2024
Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a... High Unreviewed
CVE-2024-51021 was published Nov 5, 2024
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the... High Unreviewed
CVE-2024-51024 was published Nov 5, 2024
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the... High Unreviewed
CVE-2024-51023 was published Nov 5, 2024
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were... High Unreviewed
CVE-2024-52022 was published Nov 5, 2024
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the... High Unreviewed
CVE-2024-52019 was published Nov 5, 2024
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the... High Unreviewed
CVE-2024-52018 was published Nov 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database