GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,972

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,917 advisories

Filter by severity

Sort by

Least recently updated

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login... Critical Unreviewed

CVE-2024-11317 was published Dec 5, 2024

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of... Critical Unreviewed

CVE-2024-48845 was published Dec 5, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-54221 was published Dec 5, 2024

In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root... Critical Unreviewed

CVE-2018-9416 was published Dec 5, 2024

An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the... Critical Unreviewed

CVE-2024-48453 was published Dec 4, 2024

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions... Critical Unreviewed

CVE-2024-40744 was published Dec 4, 2024

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an... Critical Unreviewed

CVE-2024-10576 was published Dec 4, 2024

readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. Critical Unreviewed

CVE-2024-54661 was published Dec 4, 2024

Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. Critical Unreviewed

CVE-2024-51363 was published Dec 4, 2024

An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port... Critical Unreviewed

CVE-2024-52544 was published Dec 3, 2024

In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect... Critical Unreviewed

CVE-2018-9430 was published Dec 3, 2024

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization... Critical Unreviewed

CVE-2024-53477 was published Dec 2, 2024

ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. Critical Unreviewed

CVE-2024-52724 was published Dec 2, 2024

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard... Critical Unreviewed

CVE-2024-53484 was published Dec 2, 2024

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could... Critical Unreviewed

CVE-2024-8785 was published Dec 2, 2024

Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value... Critical Unreviewed

CVE-2024-52732 was published Dec 2, 2024

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could... Critical Unreviewed

CVE-2024-46909 was published Dec 2, 2024

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels... Critical Unreviewed

CVE-2024-10905 was published Dec 2, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds... Critical Unreviewed

CVE-2024-52476 was published Dec 2, 2024

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of... Critical Unreviewed

CVE-2024-35366 was published Nov 29, 2024

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in... Critical Unreviewed

CVE-2024-53506 was published Nov 29, 2024

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec... Critical Unreviewed

CVE-2024-35368 was published Nov 29, 2024

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in ... Critical Unreviewed

CVE-2024-53504 was published Nov 29, 2024

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. Critical Unreviewed

CVE-2024-53507 was published Nov 29, 2024

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8... Critical Unreviewed

CVE-2024-35367 was published Nov 29, 2024

Previous 1 2 … 7 8 9 10 11 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

20,917 advisories