Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

97,433 advisories

Loading
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due... High Unreviewed
CVE-2024-8981 was published Oct 1, 2024
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If... High Unreviewed
CVE-2024-47560 was published Oct 1, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-9194 was published Oct 1, 2024
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7672 was published Sep 30, 2024
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7673 was published Sep 30, 2024
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a... High Unreviewed
CVE-2024-7675 was published Sep 30, 2024
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7674 was published Sep 30, 2024
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can... High Unreviewed
CVE-2024-7671 was published Sep 30, 2024
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7670 was published Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local... High Unreviewed
CVE-2024-28812 was published Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the ... High Unreviewed
CVE-2024-28813 was published Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in... High Unreviewed
CVE-2024-28809 was published Sep 30, 2024
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows... High Unreviewed
CVE-2024-46549 was published Sep 30, 2024
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in... High Unreviewed
CVE-2024-46510 was published Sep 30, 2024
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an... High Unreviewed
CVE-2024-9158 was published Sep 30, 2024
basic-auth-connect's callback uses time unsafe string comparison High
CVE-2024-47178 was published for basic-auth-connect (npm) Sep 30, 2024
UlisesGascon ctcpip
AdamKorcz blakeembrey
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm... High Unreviewed
CVE-2024-46313 was published Sep 30, 2024
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service... High Unreviewed
CVE-2024-46280 was published Sep 30, 2024
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within... High Unreviewed
CVE-2024-8459 was published Sep 30, 2024
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross... High Unreviewed
CVE-2024-8458 was published Sep 30, 2024
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain... High Unreviewed
CVE-2024-8455 was published Sep 30, 2024
Certain switch models from PLANET Technology only support obsolete algorithms for authentication... High Unreviewed
CVE-2024-8452 was published Sep 30, 2024
Certain switch models from PLANET Technology have an SSH service that improperly handles... High Unreviewed
CVE-2024-8451 was published Sep 30, 2024
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The... High Unreviewed
CVE-2024-6394 was published Sep 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database