GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
671 advisories

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This...
Critical | Unreviewed | CVE-2024-7591 was published Sep 5, 2024

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...
Critical | Unreviewed | CVE-2023-0636 was published Jul 6, 2023

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify...
Critical | Unreviewed | CVE-2024-8889 was published Sep 18, 2024

Due to an improper input validation, an unauthenticated threat actor can send a malicious message...
Critical | Unreviewed | CVE-2024-5989 was published Jun 25, 2024

Due to an improper input validation, an unauthenticated threat actor can send a malicious message...
Critical | Unreviewed | CVE-2024-5988 was published Jun 25, 2024

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow...
Critical | Unreviewed | CVE-2022-47966 was published Jan 18, 2023

Atlassian has been made aware of an issue reported by a handful of customers where external...
Critical | Unreviewed | CVE-2023-22515 was published Oct 4, 2023

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application...
Critical | Unreviewed | CVE-2024-8073 was published Aug 26, 2024

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available...
Critical | Unreviewed | CVE-2023-45163 was published Nov 6, 2023

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on...
Critical | Unreviewed | CVE-2023-45161 was published Nov 6, 2023

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2024-44808 was published Sep 4, 2024

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0,...
Critical | Unreviewed | CVE-2024-44809 was published Sep 4, 2024

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote...
Critical | Unreviewed | CVE-2024-0864 was published Feb 29, 2024

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™...
Critical | Unreviewed | CVE-2024-7988 was published Aug 26, 2024

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live...
Critical | Unreviewed | CVE-2024-42531 was published Aug 23, 2024

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input...
Critical | Unreviewed | CVE-2024-45167 was published Aug 22, 2024

In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve...
Critical | Unreviewed | CVE-2024-23717 was published Mar 11, 2024

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial...
Critical | Unreviewed | CVE-2023-47003 was published Nov 16, 2023

Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network...
Critical | Unreviewed | CVE-2024-21810 was published Aug 14, 2024

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application...
Critical | Unreviewed | CVE-2024-41940 was published Aug 13, 2024

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical | Unreviewed | CVE-2024-35161 was published Jul 26, 2024

server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type.
Critical | Unreviewed | CVE-2024-42458 was published Aug 2, 2024

Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on...
Critical | Unreviewed | CVE-2024-6298 was published Jul 5, 2024

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7...
Critical | Unreviewed | CVE-2024-6915 was published Aug 5, 2024

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow....
Critical | Unreviewed | CVE-2024-5171 was published Jun 5, 2024

ProTip! Advisories are also available from the GraphQL API