Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,026 advisories

Loading
Command injection and multiple stack-based buffer overflows vulnerabilities in the... Critical Unreviewed
CVE-2021-26731 was published Oct 24, 2022
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an... Critical Unreviewed
CVE-2024-8878 was published Sep 25, 2024
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via... Critical Unreviewed
CVE-2024-47222 was published Sep 23, 2024
Certain switch models from PLANET Technology lack proper access control in firmware upload and... Critical Unreviewed
CVE-2024-8456 was published Sep 30, 2024
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430,... Critical Unreviewed
CVE-2023-40622 was published Sep 13, 2023
SAP PowerDesigner - version 16.7, has improper access control which might allow an... Critical Unreviewed
CVE-2023-37483 was published Aug 8, 2023
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing... Critical Unreviewed
CVE-2023-40309 was published Sep 15, 2023
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication,... Critical Unreviewed
CVE-2023-39439 was published Aug 8, 2023
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP... Critical Unreviewed
CVE-2024-8353 was published Sep 28, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... Critical Unreviewed
CVE-2024-46367 was published Sep 27, 2024
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI... Critical Unreviewed
CVE-2023-39213 was published Aug 9, 2023
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an... Critical Unreviewed
CVE-2023-39216 was published Aug 8, 2023
OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the... Critical Unreviewed
CVE-2024-8310 was published Sep 27, 2024
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform... Critical Unreviewed
CVE-2024-6981 was published Sep 27, 2024
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete... Critical Unreviewed
CVE-2024-8630 was published Sep 27, 2024
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western... Critical Unreviewed
CVE-2024-22170 was published Sep 27, 2024
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands... Critical Unreviewed
CVE-2024-46627 was published Sep 26, 2024
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed
CVE-2024-6386 was published Aug 21, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-3373 was published Sep 27, 2024
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp... Critical Unreviewed
CVE-2024-8644 was published Sep 27, 2024
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking... Critical Unreviewed
CVE-2024-8643 was published Sep 27, 2024
TouchLink packets processed after timeout or out of range due to Operation on a Resource after... Critical Unreviewed
CVE-2023-41094 was published Oct 4, 2023
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an... Critical Unreviewed
CVE-2024-22127 was published Mar 12, 2024
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser... Critical Unreviewed
CVE-2024-34026 was published Sep 18, 2024
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive... Critical Unreviewed
CVE-2024-47088 was published Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database