GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,055
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,605
NuGet: 638
pip: 3,208
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
19,859 advisories
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub...
Critical | Unreviewed | CVE-2024-43102 was published Sep 5, 2024

Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical | Unreviewed | CVE-2024-24216 was published Feb 8, 2024

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of...
Critical | Unreviewed | CVE-2024-8463 was published Sep 5, 2024

SQL injection vulnerability, by which an attacker could send a specially designed query through...
Critical | Unreviewed | CVE-2024-8464 was published Sep 5, 2024

SQL injection vulnerability, by which an attacker could send a specially designed query through...
Critical | Unreviewed | CVE-2024-8467 was published Sep 5, 2024

SQL injection vulnerability, by which an attacker could send a specially designed query through...
Critical | Unreviewed | CVE-2024-8469 was published Sep 5, 2024

SQL injection vulnerability, by which an attacker could send a specially designed query through...
Critical | Unreviewed | CVE-2024-8468 was published Sep 5, 2024

SQL injection vulnerability, by which an attacker could send a specially designed query through...
Critical | Unreviewed | CVE-2024-8470 was published Sep 5, 2024

SQL injection vulnerability, by which an attacker could send a specially designed query through...
Critical | Unreviewed | CVE-2024-8466 was published Sep 5, 2024

SQL injection vulnerability, by which an attacker could send a specially designed query through...
Critical | Unreviewed | CVE-2024-8465 was published Sep 5, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-7076 was published Sep 4, 2024

qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0...
Critical | Unreviewed | CVE-2024-25722 was published Feb 11, 2024

Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection...
Critical | Unreviewed | CVE-2024-24091 was published Feb 8, 2024

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which...
Critical | Unreviewed | CVE-2023-47455 was published Nov 14, 2023

Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by...
Critical | Unreviewed | CVE-2023-47456 was published Nov 14, 2023

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on...
Critical | Unreviewed | CVE-2023-45161 was published Nov 6, 2023

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available...
Critical | Unreviewed | CVE-2023-45163 was published Nov 6, 2023

The product does not validate any query towards persistent data, resulting in a risk of injection...
Critical | Unreviewed | CVE-2024-4872 was published Aug 27, 2024

Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into...
Critical | Unreviewed | CVE-2024-29864 was published Mar 21, 2024

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2024-44808 was published Sep 4, 2024

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via...
Critical | Unreviewed | CVE-2023-29974 was published Nov 8, 2023

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute...
Critical | Unreviewed | CVE-2023-36177 was published Jan 24, 2024

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1....
Critical | Unreviewed | CVE-2023-49103 was published Nov 22, 2023

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter...
Critical | Unreviewed | CVE-2024-6926 was published Sep 4, 2024

An authentication bypass vulnerability has been identified in Foreman when deployed with External...
Critical | Unreviewed | CVE-2024-7012 was published Sep 4, 2024
ProTip! Advisories are also available from the GraphQL API