GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
90,154 advisories
Filter by severity
Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-23934
was published
Sep 23, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-7835
was published
Sep 23, 2024
Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid allows Server Side...
High
Unreviewed
CVE-2024-43989
was published
Sep 23, 2024
eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder.
High
Unreviewed
CVE-2024-46649
was published
Sep 20, 2024
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder.
High
Unreviewed
CVE-2024-46648
was published
Sep 20, 2024
eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files.
High
Unreviewed
CVE-2024-46645
was published
Sep 20, 2024
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges...
High
Unreviewed
CVE-2023-47480
was published
Sep 20, 2024
A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients...
High
Unreviewed
CVE-2024-7207
was published
Sep 20, 2024
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology...
High
Unreviewed
CVE-2024-40125
was published
Sep 19, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release...
High
Unreviewed
CVE-2024-7737
was published
Sep 19, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-38016
was published
Sep 19, 2024
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure...
High
Unreviewed
CVE-2024-45752
was published
Sep 19, 2024
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may...
High
Unreviewed
CVE-2024-45862
was published
Sep 19, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry...
High
Unreviewed
CVE-2024-7736
was published
Sep 19, 2024
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add
High
Unreviewed
CVE-2024-46394
was published
Sep 19, 2024
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the...
High
Unreviewed
CVE-2024-47089
was published
Sep 19, 2024
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain...
High
Unreviewed
CVE-2024-47087
was published
Sep 19, 2024
This vulnerability exists in LD DP Back Office due to improper implementation of OTP validation...
High
Unreviewed
CVE-2024-47086
was published
Sep 19, 2024
This vulnerability exists in LD DP Back Office due to improper validation of certain parameters ...
High
Unreviewed
CVE-2024-47085
was published
Sep 19, 2024
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right...
High
Unreviewed
CVE-2024-37406
was published
Sep 19, 2024
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS...
High
Unreviewed
CVE-2024-8287
was published
Sep 18, 2024
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size...
High
Unreviewed
CVE-2024-34057
was published
Sep 18, 2024
Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with...
High
Unreviewed
CVE-2024-44589
was published
Sep 18, 2024
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.
High
Unreviewed
CVE-2024-46373
was published
Sep 18, 2024
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in...
High
Unreviewed
CVE-2023-41610
was published
Sep 18, 2024
ProTip!
Advisories are also available from the
GraphQL API