Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

19,400 advisories

Loading
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and... Critical Unreviewed
CVE-2024-4879 was published Jul 10, 2024
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows... Critical Unreviewed
CVE-2024-6527 was published Jul 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).... Critical Unreviewed
CVE-2024-39872 was published Jul 9, 2024
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for... Critical Unreviewed
CVE-2024-7350 was published Aug 8, 2024
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1... Critical Unreviewed
CVE-2024-40414 was published Jul 15, 2024
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to... Critical Unreviewed
CVE-2024-29303 was published Mar 26, 2024
A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1... Critical Unreviewed
CVE-2024-40415 was published Jul 15, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39226 was published Aug 6, 2024
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail... Critical Unreviewed
CVE-2024-38462 was published Jun 16, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39225 was published Aug 6, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39228 was published Aug 6, 2024
Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of... Critical Unreviewed
CVE-2024-38439 was published Jun 16, 2024
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. Critical Unreviewed
CVE-2024-34479 was published Aug 7, 2024
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa... Critical Unreviewed
CVE-2024-41247 was published Aug 7, 2024
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72... Critical Unreviewed
CVE-2024-6995 was published Aug 6, 2024
OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote... Critical Unreviewed
CVE-2024-28048 was published Mar 26, 2024
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,... Critical Unreviewed
CVE-2024-28009 was published Mar 28, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39227 was published Aug 6, 2024
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly... Critical Unreviewed
CVE-2024-38887 was published Aug 2, 2024
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly... Critical Unreviewed
CVE-2024-38891 was published Aug 2, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. Critical Unreviewed
CVE-2024-38466 was published Jun 16, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the... Critical Unreviewed
CVE-2024-38468 was published Jun 16, 2024
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type. Critical Unreviewed
CVE-2024-42458 was published Aug 2, 2024
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the... Critical Unreviewed
CVE-2024-37635 was published Jun 13, 2024
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300... Critical Unreviewed
CVE-2024-20454 was published Aug 7, 2024
ProTip! Advisories are also available from the GraphQL API