GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,155
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
19,389 advisories
Filter by severity
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a...
Critical
Unreviewed
CVE-2024-42049
was published
Jul 28, 2024
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows...
Critical
Unreviewed
CVE-2024-40117
was published
Jul 26, 2024
An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive...
Critical
Unreviewed
CVE-2024-26520
was published
Jul 26, 2024
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical
Unreviewed
CVE-2024-35161
was published
Jul 26, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2024-41468
was published
Jul 26, 2024
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset...
Critical
Unreviewed
CVE-2024-24621
was published
Jul 26, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)...
Critical
Unreviewed
CVE-2024-40324
was published
Jul 25, 2024
Access control vulnerability in the security verification module.
Impact: Successful exploitation...
Critical
Unreviewed
CVE-2024-39671
was published
Jul 25, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via...
Critical
Unreviewed
CVE-2024-41461
was published
Jul 24, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via...
Critical
Unreviewed
CVE-2024-41459
was published
Jul 24, 2024
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via...
Critical
Unreviewed
CVE-2024-41551
was published
Jul 24, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via...
Critical
Unreviewed
CVE-2024-41460
was published
Jul 24, 2024
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate...
Critical
Unreviewed
CVE-2024-36535
was published
Jul 24, 2024
Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and...
Critical
Unreviewed
CVE-2024-36540
was published
Jul 24, 2024
Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate...
Critical
Unreviewed
CVE-2024-36539
was published
Jul 24, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
Critical
Unreviewed
CVE-2024-40422
was published
Jul 24, 2024
Remote command execution due to use of default passwords. The following products are affected:...
Critical
Unreviewed
CVE-2023-45249
was published
Jul 24, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code...
Critical
Unreviewed
CVE-2024-6327
was published
Jul 24, 2024
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to...
Critical
Unreviewed
CVE-2024-38164
was published
Jul 24, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability...
Critical
Unreviewed
CVE-2024-41319
was published
Jul 23, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in...
Critical
Unreviewed
CVE-2024-29070
was published
Jul 23, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that...
Critical
Unreviewed
CVE-2024-6793
was published
Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ...
Critical
Unreviewed
CVE-2024-6794
was published
Jul 22, 2024
Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a...
Critical
Unreviewed
CVE-2024-6913
was published
Jul 22, 2024
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to...
Critical
Unreviewed
CVE-2024-6912
was published
Jul 22, 2024
ProTip!
Advisories are also available from the
GraphQL API