GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,018
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,150
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
95,326 advisories
Filter by severity
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as...
High
Unreviewed
CVE-2024-7178
was published
Jul 29, 2024
A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102....
High
Unreviewed
CVE-2024-7180
was published
Jul 29, 2024
A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu...
High
Unreviewed
CVE-2024-7173
was published
Jul 29, 2024
A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102....
High
Unreviewed
CVE-2024-7172
was published
Jul 29, 2024
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical....
High
Unreviewed
CVE-2024-7176
was published
Jul 29, 2024
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as...
High
Unreviewed
CVE-2024-7179
was published
Jul 29, 2024
A validated user not explicitly authorized to have access to certain sensitive information could...
High
Unreviewed
CVE-2023-40159
was published
Jul 18, 2024
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C...
High
Unreviewed
CVE-2024-0912
was published
Jun 6, 2024
Philips Vue PACS uses default credentials for potentially critical functionality.
High
Unreviewed
CVE-2023-40704
was published
Jul 18, 2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding...
High
Unreviewed
CVE-2024-21586
was published
Jul 1, 2024
Apache StreamPipes has potential remote code execution (RCE) via file upload
High
CVE-2024-31411
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jul 17, 2024
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
Directus Allows Single Sign-On User Enumeration
High
CVE-2024-39896
was published
for
directus
(npm)
Jul 8, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Rancher 'Audit Log' leaks sensitive information
High
CVE-2023-22649
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
High
CVE-2024-29891
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
snapd Race Condition vulnerability
High
CVE-2022-3328
was published
for
github.com/snapcore/snapd
(Go)
Jan 8, 2024
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
High
CVE-2024-33862
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jul 6, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
High
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The...
High
Unreviewed
CVE-2024-37999
was published
Jul 8, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
ProTip!
Advisories are also available from the
GraphQL API