Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

248,535 advisories

Loading
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2024-8853 was published Sep 20, 2024
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the... Unknown Unreviewed
CVE-2024-41721 was published Sep 20, 2024
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the... Moderate Unreviewed
CVE-2024-46049 was published Sep 13, 2024
A vulnerability, which was classified as critical, was found in code-projects Crud Operation... Moderate Unreviewed
CVE-2024-9011 was published Sep 20, 2024
There is a difficult to exploit improper authentication issue in the Home application for Esri... High Unreviewed
CVE-2024-25699 was published Apr 4, 2024
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Moderate Unreviewed
CVE-2024-46044 was published Sep 13, 2024
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. Moderate Unreviewed
CVE-2024-46046 was published Sep 13, 2024
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Moderate Unreviewed
CVE-2024-46045 was published Sep 13, 2024
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. Moderate Unreviewed
CVE-2024-46047 was published Sep 13, 2024
Certain models of D-Link wireless routers do not properly validate user input in the telnet... High Unreviewed
CVE-2024-45698 was published Sep 16, 2024
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0.... Moderate Unreviewed
CVE-2024-9008 was published Sep 20, 2024
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients... High Unreviewed
CVE-2024-7207 was published Sep 20, 2024
A vulnerability, which was classified as critical, has been found in code-projects Online Quiz... Moderate Unreviewed
CVE-2024-9009 was published Sep 20, 2024
A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This... Moderate Unreviewed
CVE-2024-9007 was published Sep 20, 2024
A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected... Moderate Unreviewed
CVE-2024-9006 was published Sep 20, 2024
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2024-2381 was published Jun 19, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38210 was published Aug 23, 2024
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-4450 was published Jun 19, 2024
Microsoft Edge (HTML-based) Memory Corruption Vulnerability Moderate Unreviewed
CVE-2024-38207 was published Aug 24, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38209 was published Aug 23, 2024
Wagtail regular expression denial-of-service via search query parsing Moderate
CVE-2024-39317 was published for wagtail (pip) Jul 11, 2024
RealOrangeOne
CoreDNS Cache Poisoning via a birthday attack Low
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Lunary Improper Authentication vulnerability Moderate
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3... High Unreviewed
CVE-2023-46382 was published Nov 5, 2023
ProTip! Advisories are also available from the GraphQL API