GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
104,895 advisories
Filter by severity
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information...
Moderate
Unreviewed
CVE-2024-28807
was published
Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic...
Moderate
Unreviewed
CVE-2024-28810
was published
Sep 30, 2024
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This...
Moderate
Unreviewed
CVE-2024-45073
was published
Oct 1, 2024
The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid...
Moderate
Unreviewed
CVE-2024-3635
was published
Sep 30, 2024
TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates,...
Moderate
Unreviewed
CVE-2024-46548
was published
Sep 30, 2024
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before...
Moderate
Unreviewed
CVE-2024-46540
was published
Sep 30, 2024
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is...
Moderate
Unreviewed
CVE-2024-44170
was published
Sep 17, 2024
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions...
Moderate
Unreviewed
CVE-2024-6544
was published
Sep 13, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to...
Moderate
Unreviewed
CVE-2024-45920
was published
Sep 30, 2024
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal...
Moderate
Unreviewed
CVE-2024-6786
was published
Sep 21, 2024
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
Moderate
Unreviewed
CVE-2024-45993
was published
Sep 30, 2024
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows...
Moderate
Unreviewed
CVE-2024-45200
was published
Sep 30, 2024
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard...
Moderate
Unreviewed
CVE-2024-46475
was published
Sep 30, 2024
In drm service, there is a possible out of bounds write due to a missing bounds check. This could...
Moderate
Unreviewed
CVE-2024-39433
was published
Sep 27, 2024
An improper privilege management vulnerability allowed arbitrary workflows to be committed using...
Moderate
Unreviewed
CVE-2024-8263
was published
Sep 23, 2024
In drm service, there is a possible out of bounds read due to a missing bounds check. This could...
Moderate
Unreviewed
CVE-2024-39434
was published
Sep 27, 2024
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for...
Moderate
Unreviewed
CVE-2024-3165
was published
Apr 2, 2024
An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to...
Moderate
Unreviewed
CVE-2024-43025
was published
Sep 18, 2024
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello...
Moderate
Unreviewed
CVE-2024-8877
was published
Sep 25, 2024
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2024-7415
was published
Sep 6, 2024
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is...
Moderate
Unreviewed
CVE-2024-3164
was published
Apr 2, 2024
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: fix error checks...
Moderate
Unreviewed
CVE-2024-42320
was published
Aug 17, 2024
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for...
Moderate
Unreviewed
CVE-2024-7426
was published
Sep 25, 2024
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when...
Moderate
Unreviewed
CVE-2024-8044
was published
Sep 17, 2024
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON() when 0...
Moderate
Unreviewed
CVE-2024-46751
was published
Sep 18, 2024
ProTip!
Advisories are also available from the
GraphQL API