GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,216
Composer 4,107
Erlang 29
GitHub Actions 19
Go 1,925
Maven 5,117
npm 3,659
NuGet 638
pip 3,264
Pub 10
RubyGems 873
Rust 823
Swift 35

Unreviewed advisories

All unreviewed 229,595

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

23,103 advisories

Filter by severity

Sort by

Least recently updated

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww... Critical Unreviewed

CVE-2024-7104 was published Sep 16, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-6401 was published Sep 16, 2024

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure... Critical Unreviewed

CVE-2024-7098 was published Sep 16, 2024

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties... Critical Unreviewed

CVE-2024-46937 was published Sep 16, 2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org... Critical Unreviewed

CVE-2024-46918 was published Sep 16, 2024

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the... Critical Unreviewed

CVE-2024-46958 was published Sep 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the... Critical Unreviewed

CVE-2024-46451 was published Sep 16, 2024

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer... Critical Unreviewed

CVE-2024-45695 was published Sep 16, 2024

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer... Critical Unreviewed

CVE-2024-45694 was published Sep 16, 2024

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is... Critical Unreviewed

CVE-2024-45697 was published Sep 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg... Critical Unreviewed

CVE-2024-46419 was published Sep 16, 2024

Improper permission configurationDomain configuration vulnerability of the mobile application ... Critical Unreviewed

CVE-2024-8039 was published Sep 16, 2024

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL... Critical Unreviewed

CVE-2024-8669 was published Sep 16, 2024

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker... Critical Unreviewed

CVE-2024-44430 was published Sep 13, 2024

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted... Critical Unreviewed

CVE-2024-41874 was published Sep 13, 2024

ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed

CVE-2024-34334 was published Sep 12, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7... Critical Unreviewed

CVE-2024-6678 was published Sep 12, 2024

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed

CVE-2024-8695 was published Sep 12, 2024

CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product.... Critical Unreviewed

CVE-2024-45823 was published Sep 12, 2024

No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command... Critical Unreviewed

CVE-2024-40457 was published Sep 12, 2024

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The... Critical Unreviewed

CVE-2024-45824 was published Sep 12, 2024

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution... Critical Unreviewed

CVE-2024-28991 was published Sep 12, 2024

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the... Critical Unreviewed

CVE-2024-8529 was published Sep 12, 2024

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the... Critical Unreviewed

CVE-2024-8522 was published Sep 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a... Critical Unreviewed

CVE-2024-32845 was published Sep 12, 2024

Previous 1 2 … 5 6 7 8 9 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

23,103 advisories