GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
19,966 advisories
SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at ...
Critical
Unreviewed
CVE-2024-44721 was published Sep 9, 2024
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to...
Critical
Unreviewed
CVE-2024-37288 was published Sep 9, 2024
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,...
Critical
Unreviewed
CVE-2024-8584 was published Sep 9, 2024
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220....
Critical
Unreviewed
CVE-2024-8580 was published Sep 8, 2024
The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a...
Critical
Unreviewed
CVE-2024-6928 was published Sep 8, 2024
The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter...
Critical
Unreviewed
CVE-2024-6924 was published Sep 8, 2024
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to...
Critical
Unreviewed
CVE-2024-39714 was published Sep 7, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an...
Critical
Unreviewed
CVE-2024-40711 was published Sep 7, 2024
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service...
Critical
Unreviewed
CVE-2024-42019 was published Sep 7, 2024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account...
Critical
Unreviewed
CVE-2024-42024 was published Sep 7, 2024
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM...
Critical
Unreviewed
CVE-2024-38650 was published Sep 7, 2024
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid...
Critical
Unreviewed
CVE-2024-44839 was published Sep 7, 2024
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password...
Critical
Unreviewed
CVE-2024-45771 was published Sep 7, 2024
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username...
Critical
Unreviewed
CVE-2024-44838 was published Sep 7, 2024
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and...
Critical
Unreviewed
CVE-2024-8517 was published Sep 6, 2024
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to...
Critical
Unreviewed
CVE-2024-45758 was published Sep 6, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
Critical
Unreviewed
CVE-2024-44402 was published Sep 6, 2024
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the...
Critical
Unreviewed
CVE-2024-44401 was published Sep 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-6445 was published Sep 6, 2024
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to...
Critical
Unreviewed
CVE-2024-7493 was published Sep 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord...
Critical
Unreviewed
CVE-2024-1744 was published Sep 6, 2024
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-8292 was published Sep 6, 2024
FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to...
Critical
Unreviewed
CVE-2024-8395 was published Sep 5, 2024
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in...
Critical
Unreviewed
CVE-2024-45158 was published Sep 5, 2024
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables...
Critical
Unreviewed
CVE-2024-45159 was published Sep 5, 2024
ProTip! Advisories are also available from the GraphQL API