Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

96,737 advisories

Loading
In Baxter Connex health portal released before 8/30/2024, an improper access control... High Unreviewed
CVE-2024-6796 was published Sep 9, 2024
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url... High Unreviewed
CVE-2024-44724 was published Sep 9, 2024
AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at... High Unreviewed
CVE-2024-44725 was published Sep 9, 2024
Keycloak Session Fixation vulnerability High
CVE-2024-7341 was published for org.keycloak:keycloak-services (Maven) Sep 9, 2024
Twig has a possible sandbox bypass High
CVE-2024-45411 was published for twig/twig (Composer) Sep 9, 2024
fabpot
path-to-regexp outputs backtracking regular expressions High
CVE-2024-45296 was published for path-to-regexp (npm) Sep 9, 2024
blakeembrey ctcpip
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04... High Unreviewed
CVE-2024-44334 was published Sep 9, 2024
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04... High Unreviewed
CVE-2024-44335 was published Sep 9, 2024
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04... High Unreviewed
CVE-2024-44333 was published Sep 9, 2024
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe... High Unreviewed
CVE-2024-44720 was published Sep 9, 2024
External Secrets Operator vulnerable to privilege escalation High
CVE-2024-45041 was published for github.com/external-secrets/external-secrets (Go) Sep 9, 2024
younaman
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization... High Unreviewed
CVE-2024-7015 was published Sep 9, 2024
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to... High Unreviewed
CVE-2024-8601 was published Sep 9, 2024
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as... High Unreviewed
CVE-2024-8578 was published Sep 8, 2024
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220... High Unreviewed
CVE-2024-8579 was published Sep 8, 2024
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207... High Unreviewed
CVE-2024-8577 was published Sep 8, 2024
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical.... High Unreviewed
CVE-2024-8575 was published Sep 8, 2024
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207... High Unreviewed
CVE-2024-8576 was published Sep 8, 2024
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10... High Unreviewed
CVE-2024-8573 was published Sep 8, 2024
An improper input validation vulnerability that allows a low-privileged user to remotely remove... High Unreviewed
CVE-2024-39718 was published Sep 7, 2024
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML... High Unreviewed
CVE-2024-42020 was published Sep 7, 2024
An improper certificate validation vulnerability in TLS certificate validation allows an attacker... High Unreviewed
CVE-2024-40714 was published Sep 7, 2024
An improper access control vulnerability allows an attacker with valid access tokens to access... High Unreviewed
CVE-2024-42021 was published Sep 7, 2024
A server side request forgery vulnerability allows a low-privileged user to perform local... High Unreviewed
CVE-2024-40718 was published Sep 7, 2024
An improper access control vulnerability allows low-privileged users to execute code with... High Unreviewed
CVE-2024-42023 was published Sep 7, 2024
ProTip! Advisories are also available from the GraphQL API