GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
95,358 advisories
The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in...
High | Unreviewed | CVE-2024-6522 was published Aug 7, 2024

Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy...
High | Unreviewed | CVE-2024-7266 was published Aug 7, 2024

Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy...
High | Unreviewed | CVE-2024-7265 was published Aug 7, 2024

electron-updater Code Signing Bypass on Windows
High | CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared...
High | Unreviewed | CVE-2024-5290 was published Aug 7, 2024

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote...
High | Unreviewed | CVE-2024-36132 was published Aug 7, 2024

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an...
High | Unreviewed | CVE-2024-36131 was published Aug 7, 2024

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard...
High | Unreviewed | CVE-2017-12741 was published May 13, 2022

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as...
High | Unreviewed | CVE-2024-7157 was published Jul 28, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as...
High | Unreviewed | CVE-2024-7178 was published Jul 29, 2024

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102....
High | Unreviewed | CVE-2024-7180 was published Jul 29, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu...
High | Unreviewed | CVE-2024-7173 was published Jul 29, 2024

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102....
High | Unreviewed | CVE-2024-7172 was published Jul 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical....
High | Unreviewed | CVE-2024-7176 was published Jul 29, 2024

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as...
High | Unreviewed | CVE-2024-7179 was published Jul 29, 2024

A validated user not explicitly authorized to have access to certain sensitive information could...
High | Unreviewed | CVE-2023-40159 was published Jul 18, 2024

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C...
High | Unreviewed | CVE-2024-0912 was published Jun 6, 2024

Philips Vue PACS uses default credentials for potentially critical functionality.
High | Unreviewed | CVE-2023-40704 was published Jul 18, 2024

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding...
High | Unreviewed | CVE-2024-21586 was published Jul 1, 2024

Apache StreamPipes has potential remote code execution (RCE) via file upload
High | CVE-2024-31411 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024

Snipe-IT allows users to promote or demote themselves or other users
High | CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024

Directus Allows Single Sign-On User Enumeration
High | CVE-2024-39896 was published for directus (npm) Jul 8, 2024

AdGuardHome privilege escalation vulnerability
High | CVE-2024-36586 was published for github.com/AdguardTeam/AdGuardHome (Go) Jun 13, 2024

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High | CVE-2023-32194 was published for github.com/rancher/rancher (Go) Feb 8, 2024

Rancher 'Audit Log' leaks sensitive information
High | CVE-2023-22649 was published for github.com/rancher/rancher (Go) Feb 8, 2024
ProTip! Advisories are also available from the GraphQL API