GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
96,737 advisories
Filter by severity
In Baxter Connex health portal released before 8/30/2024, an improper access control...
High
Unreviewed
CVE-2024-6796
was published
Sep 9, 2024
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url...
High
Unreviewed
CVE-2024-44724
was published
Sep 9, 2024
AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at...
High
Unreviewed
CVE-2024-44725
was published
Sep 9, 2024
Keycloak Session Fixation vulnerability
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
Twig has a possible sandbox bypass
High
CVE-2024-45411
was published
for
twig/twig
(Composer)
Sep 9, 2024
path-to-regexp outputs backtracking regular expressions
High
CVE-2024-45296
was published
for
path-to-regexp
(npm)
Sep 9, 2024
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04...
High
Unreviewed
CVE-2024-44334
was published
Sep 9, 2024
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04...
High
Unreviewed
CVE-2024-44335
was published
Sep 9, 2024
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04...
High
Unreviewed
CVE-2024-44333
was published
Sep 9, 2024
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe...
High
Unreviewed
CVE-2024-44720
was published
Sep 9, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization...
High
Unreviewed
CVE-2024-7015
was published
Sep 9, 2024
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to...
High
Unreviewed
CVE-2024-8601
was published
Sep 9, 2024
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as...
High
Unreviewed
CVE-2024-8578
was published
Sep 8, 2024
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220...
High
Unreviewed
CVE-2024-8579
was published
Sep 8, 2024
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207...
High
Unreviewed
CVE-2024-8577
was published
Sep 8, 2024
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical....
High
Unreviewed
CVE-2024-8575
was published
Sep 8, 2024
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207...
High
Unreviewed
CVE-2024-8576
was published
Sep 8, 2024
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10...
High
Unreviewed
CVE-2024-8573
was published
Sep 8, 2024
An improper input validation vulnerability that allows a low-privileged user to remotely remove...
High
Unreviewed
CVE-2024-39718
was published
Sep 7, 2024
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML...
High
Unreviewed
CVE-2024-42020
was published
Sep 7, 2024
An improper certificate validation vulnerability in TLS certificate validation allows an attacker...
High
Unreviewed
CVE-2024-40714
was published
Sep 7, 2024
An improper access control vulnerability allows an attacker with valid access tokens to access...
High
Unreviewed
CVE-2024-42021
was published
Sep 7, 2024
A server side request forgery vulnerability allows a low-privileged user to perform local...
High
Unreviewed
CVE-2024-40718
was published
Sep 7, 2024
An improper access control vulnerability allows low-privileged users to execute code with...
High
Unreviewed
CVE-2024-42023
was published
Sep 7, 2024
ProTip!
Advisories are also available from the
GraphQL API