Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

19,859 advisories

Loading
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that... Critical Unreviewed
CVE-2024-6795 was published Sep 9, 2024
HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System ... Critical Unreviewed
CVE-2024-42500 was published Sep 9, 2024
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in... Critical Unreviewed
CVE-2024-44849 was published Sep 9, 2024
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at ... Critical Unreviewed
CVE-2024-44721 was published Sep 9, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to... Critical Unreviewed
CVE-2024-37288 was published Sep 9, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,... Critical Unreviewed
CVE-2024-8584 was published Sep 9, 2024
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220.... Critical Unreviewed
CVE-2024-8580 was published Sep 8, 2024
The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter... Critical Unreviewed
CVE-2024-6924 was published Sep 8, 2024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account... Critical Unreviewed
CVE-2024-42024 was published Sep 7, 2024
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to... Critical Unreviewed
CVE-2024-39714 was published Sep 7, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an... Critical Unreviewed
CVE-2024-40711 was published Sep 7, 2024
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service... Critical Unreviewed
CVE-2024-42019 was published Sep 7, 2024
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM... Critical Unreviewed
CVE-2024-38650 was published Sep 7, 2024
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username... Critical Unreviewed
CVE-2024-44838 was published Sep 7, 2024
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password... Critical Unreviewed
CVE-2024-45771 was published Sep 7, 2024
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid... Critical Unreviewed
CVE-2024-44839 was published Sep 7, 2024
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and... Critical Unreviewed
CVE-2024-8517 was published Sep 6, 2024
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to... Critical Unreviewed
CVE-2024-45758 was published Sep 6, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Critical Unreviewed
CVE-2024-44402 was published Sep 6, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the... Critical Unreviewed
CVE-2024-44401 was published Sep 6, 2024
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to... Critical Unreviewed
CVE-2024-7493 was published Sep 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-6445 was published Sep 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord... Critical Unreviewed
CVE-2024-1744 was published Sep 6, 2024
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-8292 was published Sep 6, 2024
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in... Critical Unreviewed
CVE-2024-45158 was published Sep 5, 2024
ProTip! Advisories are also available from the GraphQL API