GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
248,535 advisories
Filter by severity
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-8853
was published
Sep 20, 2024
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the...
Unknown
Unreviewed
CVE-2024-41721
was published
Sep 20, 2024
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the...
Moderate
Unreviewed
CVE-2024-46049
was published
Sep 13, 2024
A vulnerability, which was classified as critical, was found in code-projects Crud Operation...
Moderate
Unreviewed
CVE-2024-9011
was published
Sep 20, 2024
There is a difficult to exploit improper authentication issue in the Home application for Esri...
High
Unreviewed
CVE-2024-25699
was published
Apr 4, 2024
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
Moderate
Unreviewed
CVE-2024-46044
was published
Sep 13, 2024
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
Moderate
Unreviewed
CVE-2024-46046
was published
Sep 13, 2024
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
Moderate
Unreviewed
CVE-2024-46045
was published
Sep 13, 2024
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.
Moderate
Unreviewed
CVE-2024-46047
was published
Sep 13, 2024
Certain models of D-Link wireless routers do not properly validate user input in the telnet...
High
Unreviewed
CVE-2024-45698
was published
Sep 16, 2024
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0....
Moderate
Unreviewed
CVE-2024-9008
was published
Sep 20, 2024
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients...
High
Unreviewed
CVE-2024-7207
was published
Sep 20, 2024
A vulnerability, which was classified as critical, has been found in code-projects Online Quiz...
Moderate
Unreviewed
CVE-2024-9009
was published
Sep 20, 2024
A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This...
Moderate
Unreviewed
CVE-2024-9007
was published
Sep 20, 2024
A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected...
Moderate
Unreviewed
CVE-2024-9006
was published
Sep 20, 2024
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary...
High
Unreviewed
CVE-2024-2381
was published
Jun 19, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-38210
was published
Aug 23, 2024
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized...
Moderate
Unreviewed
CVE-2024-4450
was published
Jun 19, 2024
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
Moderate
Unreviewed
CVE-2024-38207
was published
Aug 24, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-38209
was published
Aug 23, 2024
Wagtail regular expression denial-of-service via search query parsing
Moderate
CVE-2024-39317
was published
for
wagtail
(pip)
Jul 11, 2024
CoreDNS Cache Poisoning via a birthday attack
Low
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
Lunary Improper Authentication vulnerability
Moderate
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3...
High
Unreviewed
CVE-2023-46382
was published
Nov 5, 2023
ProTip!
Advisories are also available from the
GraphQL API