GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
97,433 advisories
Filter by severity
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due...
High
Unreviewed
CVE-2024-8981
was published
Oct 1, 2024
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If...
High
Unreviewed
CVE-2024-47560
was published
Oct 1, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2024-9194
was published
Oct 1, 2024
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force...
High
Unreviewed
CVE-2024-7672
was published
Sep 30, 2024
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force...
High
Unreviewed
CVE-2024-7673
was published
Sep 30, 2024
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a...
High
Unreviewed
CVE-2024-7675
was published
Sep 30, 2024
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force...
High
Unreviewed
CVE-2024-7674
was published
Sep 30, 2024
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can...
High
Unreviewed
CVE-2024-7671
was published
Sep 30, 2024
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force...
High
Unreviewed
CVE-2024-7670
was published
Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local...
High
Unreviewed
CVE-2024-28812
was published
Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the ...
High
Unreviewed
CVE-2024-28813
was published
Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in...
High
Unreviewed
CVE-2024-28809
was published
Sep 30, 2024
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows...
High
Unreviewed
CVE-2024-46549
was published
Sep 30, 2024
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in...
High
Unreviewed
CVE-2024-46510
was published
Sep 30, 2024
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an...
High
Unreviewed
CVE-2024-9158
was published
Sep 30, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm...
High
Unreviewed
CVE-2024-46313
was published
Sep 30, 2024
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service...
High
Unreviewed
CVE-2024-46280
was published
Sep 30, 2024
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within...
High
Unreviewed
CVE-2024-8459
was published
Sep 30, 2024
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross...
High
Unreviewed
CVE-2024-8458
was published
Sep 30, 2024
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain...
High
Unreviewed
CVE-2024-8455
was published
Sep 30, 2024
Certain switch models from PLANET Technology only support obsolete algorithms for authentication...
High
Unreviewed
CVE-2024-8452
was published
Sep 30, 2024
Certain switch models from PLANET Technology have an SSH service that improperly handles...
High
Unreviewed
CVE-2024-8451
was published
Sep 30, 2024
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The...
High
Unreviewed
CVE-2024-6394
was published
Sep 30, 2024
ProTip!
Advisories are also available from the
GraphQL API