GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,903 advisories
DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console...
Critical, Unreviewed. CVE-2024-41579 was published Dec 5, 2024.

Oxide control plane software before 5 allows SSRF.
Critical, Unreviewed. CVE-2023-50913 was published Dec 5, 2024.

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.
Critical, Unreviewed. CVE-2024-53442 was published Dec 5, 2024.

Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized...
Critical, Unreviewed. CVE-2024-51550 was published Dec 5, 2024.

Username Enumeration vulnerabilities allow access to application level username add, delete,...
Critical, Unreviewed. CVE-2024-51545 was published Dec 5, 2024.

Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to...
Critical, Unreviewed. CVE-2024-6516 was published Dec 5, 2024.

Default Credential vulnerabilities allow access to an Aspect device using publicly available...
Critical, Unreviewed. CVE-2024-51555 was published Dec 5, 2024.

Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly...
Critical, Unreviewed. CVE-2024-51551 was published Dec 5, 2024.

Absolute File Traversal vulnerabilities allow access and modification of unintended resources....
Critical, Unreviewed. CVE-2024-51549 was published Dec 5, 2024.

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT...
Critical, Unreviewed. CVE-2024-48840 was published Dec 5, 2024.

Weak Password Reset Rules vulnerabilities were found providing a potential for the storage of...
Critical, Unreviewed. CVE-2024-48845 was published Dec 5, 2024.

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB...
Critical, Unreviewed. CVE-2024-48839 was published Dec 5, 2024.

Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login...
Critical, Unreviewed. CVE-2024-11317 was published Dec 5, 2024.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-54221 was published Dec 5, 2024.

In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root...
Critical, Unreviewed. CVE-2018-9416 was published Dec 5, 2024.

An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the...
Critical, Unreviewed. CVE-2024-48453 was published Dec 4, 2024.

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions...
Critical, Unreviewed. CVE-2024-40744 was published Dec 4, 2024.

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an...
Critical, Unreviewed. CVE-2024-10576 was published Dec 4, 2024.

readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.
Critical, Unreviewed. CVE-2024-54661 was published Dec 4, 2024.

Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.
Critical, Unreviewed. CVE-2024-51363 was published Dec 4, 2024.

An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port...
Critical, Unreviewed. CVE-2024-52544 was published Dec 3, 2024.

In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect...
Critical, Unreviewed. CVE-2018-9430 was published Dec 3, 2024.

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization...
Critical, Unreviewed. CVE-2024-53477 was published Dec 2, 2024.

ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.
Critical, Unreviewed. CVE-2024-52724 was published Dec 2, 2024.

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard...
Critical, Unreviewed. CVE-2024-53484 was published Dec 2, 2024.
ProTip! Advisories are also available from the GraphQL API.