GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,107
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,659
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
23,103 advisories

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww...
Critical | Unreviewed | CVE-2024-7104 was published Sep 16, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-6401 was published Sep 16, 2024

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure...
Critical | Unreviewed | CVE-2024-7098 was published Sep 16, 2024

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical | Unreviewed | CVE-2024-46937 was published Sep 16, 2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org...
Critical | Unreviewed | CVE-2024-46918 was published Sep 16, 2024

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the...
Critical | Unreviewed | CVE-2024-46958 was published Sep 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the...
Critical | Unreviewed | CVE-2024-46451 was published Sep 16, 2024

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer...
Critical | Unreviewed | CVE-2024-45695 was published Sep 16, 2024

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer...
Critical | Unreviewed | CVE-2024-45694 was published Sep 16, 2024

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is...
Critical | Unreviewed | CVE-2024-45697 was published Sep 16, 2024

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg...
Critical | Unreviewed | CVE-2024-46419 was published Sep 16, 2024

Improper permission configurationDomain configuration vulnerability of the mobile application ...
Critical | Unreviewed | CVE-2024-8039 was published Sep 16, 2024

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL...
Critical | Unreviewed | CVE-2024-8669 was published Sep 16, 2024

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker...
Critical | Unreviewed | CVE-2024-44430 was published Sep 13, 2024

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted...
Critical | Unreviewed | CVE-2024-41874 was published Sep 13, 2024

ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the...
Critical | Unreviewed | CVE-2024-34334 was published Sep 12, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7...
Critical | Unreviewed | CVE-2024-6678 was published Sep 12, 2024

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical | Unreviewed | CVE-2024-8695 was published Sep 12, 2024

CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product....
Critical | Unreviewed | CVE-2024-45823 was published Sep 12, 2024

No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command...
Critical | Unreviewed | CVE-2024-40457 was published Sep 12, 2024

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The...
Critical | Unreviewed | CVE-2024-45824 was published Sep 12, 2024

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution...
Critical | Unreviewed | CVE-2024-28991 was published Sep 12, 2024

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the...
Critical | Unreviewed | CVE-2024-8529 was published Sep 12, 2024

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the...
Critical | Unreviewed | CVE-2024-8522 was published Sep 12, 2024

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a...
Critical | Unreviewed | CVE-2024-32845 was published Sep 12, 2024

ProTip! Advisories are also available from the GraphQL API