GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,944 advisories
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8...
Critical
Unreviewed
CVE-2024-35367 was published Nov 29, 2024
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at ...
Critical
Unreviewed
CVE-2024-53505 was published Nov 29, 2024
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the...
Critical
Unreviewed
CVE-2024-36622 was published Nov 29, 2024
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are...
Critical
Unreviewed
CVE-2024-52777 was published Nov 29, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated...
Critical
Unreviewed
CVE-2024-49803 was published Nov 29, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,...
Critical
Unreviewed
CVE-2024-49805 was published Nov 29, 2024
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are...
Critical
Unreviewed
CVE-2024-52780 was published Nov 29, 2024
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are...
Critical
Unreviewed
CVE-2024-52781 was published Nov 29, 2024
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are...
Critical
Unreviewed
CVE-2024-52778 was published Nov 29, 2024
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are...
Critical
Unreviewed
CVE-2024-52782 was published Nov 29, 2024
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are...
Critical
Unreviewed
CVE-2024-52779 was published Nov 29, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials,...
Critical
Unreviewed
CVE-2024-49806 was published Nov 29, 2024
Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an...
Critical
Unreviewed
CVE-2024-48406 was published Nov 29, 2024
nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the...
Critical
Unreviewed
CVE-2024-36671 was published Nov 29, 2024
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could...
Critical
Unreviewed
CVE-2024-11992 was published Nov 29, 2024
FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are...
Critical
Unreviewed
CVE-2024-50357 was published Nov 29, 2024
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and...
Critical
Unreviewed
CVE-2024-11482 was published Nov 29, 2024
Certain modes of in-vehicle routers from Billion Electric have a Missing Authentication...
Critical
Unreviewed
CVE-2024-11980 was published Nov 29, 2024
DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of...
Critical
Unreviewed
CVE-2024-11979 was published Nov 29, 2024
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package...
Critical
Unreviewed
CVE-2024-52338 was published Nov 28, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-52474 was published Nov 28, 2024
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is...
Critical
Unreviewed
CVE-2024-8672 was published Nov 28, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform...
Critical
Unreviewed
CVE-2024-52475 was published Nov 28, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web...
Critical
Unreviewed
CVE-2024-52490 was published Nov 28, 2024
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account...
Critical
Unreviewed
CVE-2024-11103 was published Nov 28, 2024
ProTip! Advisories are also available from the GraphQL API