GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
23,013 advisories
An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the...
Critical · Unreviewed · CVE-2024-27112 was published Sep 11, 2024
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An...
Critical · Unreviewed · CVE-2024-34399 was published Sep 18, 2024
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code...
Critical · Unreviewed · CVE-2024-44542 was published Sep 18, 2024
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows...
Critical · Unreviewed · CVE-2024-6878 was published Sep 18, 2024
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the...
Critical · Unreviewed · CVE-2024-27113 was published Sep 11, 2024
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online...
Critical · Unreviewed · CVE-2024-27115 was published Sep 11, 2024
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in...
Critical · Unreviewed · CVE-2024-45415 was published Sep 16, 2024
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in...
Critical · Unreviewed · CVE-2024-45414 was published Sep 16, 2024
API permission management vulnerability in the Fwk-Display module. Successful exploitation of this...
Critical · Unreviewed · CVE-2023-44106 was published Oct 11, 2023
Django user with hardcoded password created when running tests on Oracle
Critical · CVE-2016-9013 was published for Django (pip) May 17, 2022
An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect...
Critical · Unreviewed · CVE-2024-36736 was published Jun 6, 2024
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain...
Critical · Unreviewed · CVE-2024-5960 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical · Unreviewed · CVE-2024-6877 was published Sep 18, 2024
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser...
Critical · Unreviewed · CVE-2024-34026 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical · Unreviewed · CVE-2024-5959 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2024-5958 was published Sep 18, 2024
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS)...
Critical · Unreviewed · CVE-2024-8887 was published Sep 18, 2024
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1...
Critical · Unreviewed · CVE-2024-8888 was published Sep 18, 2024
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify...
Critical · Unreviewed · CVE-2024-8889 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2024-44004 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2024-43978 was published Sep 18, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical · Unreviewed · CVE-2024-43976 was published Sep 18, 2024
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account...
Critical · Unreviewed · CVE-2024-39374 was published Jun 27, 2024
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer...
Critical · Unreviewed · CVE-2024-45695 was published Sep 16, 2024
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication...
Critical · Unreviewed · CVE-2024-8956 was published Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API.