GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,132
Erlang: 29
GitHub Actions: 19
Go: 1,937
Maven: 5,000+
npm: 3,676
NuGet: 642
pip: 3,292
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
90,998 advisories
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of...
High | Unreviewed | CVE-2024-45766 was published Oct 17, 2024

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-9861 was published Oct 17, 2024

The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors...
High | Unreviewed | CVE-2024-9215 was published Oct 17, 2024

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based...
High | Unreviewed | CVE-2024-7994 was published Oct 17, 2024

A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds...
High | Unreviewed | CVE-2024-7993 was published Oct 17, 2024

An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A ...
High | Unreviewed | CVE-2024-38814 was published Oct 16, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
High | Unreviewed | CVE-2024-20421 was published Oct 16, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
High | Unreviewed | CVE-2024-20458 was published Oct 16, 2024

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
High | Unreviewed | CVE-2024-9348 was published Oct 16, 2024

BIG-IP monitor functionality may allow an attacker to bypass access control restrictions,...
High | Unreviewed | CVE-2024-45844 was published Oct 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-49268 was published Oct 16, 2024

Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path...
High | Unreviewed | CVE-2024-49253 was published Oct 16, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2024-49251 was published Oct 16, 2024

Insecure permissions in the packaging of tomcat allow local users that win a race during package...
High | Unreviewed | CVE-2024-22029 was published Oct 16, 2024

Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path...
High | Unreviewed | CVE-2024-47637 was published Oct 16, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-47351 was published Oct 16, 2024

Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter...
High | Unreviewed | CVE-2024-49227 was published Oct 16, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2024-48029 was published Oct 16, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-47645 was published Oct 16, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2024-49245 was published Oct 16, 2024

Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object...
High | Unreviewed | CVE-2024-49226 was published Oct 16, 2024

An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on...
High | Unreviewed | CVE-2024-8040 was published Oct 16, 2024

mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by...
High | Unreviewed | CVE-2023-32190 was published Oct 16, 2024

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry...
High | Unreviewed | CVE-2024-6380 was published Oct 16, 2024

Account users in Apache CloudStack by default are allowed to upload and register templates for...
High | Unreviewed | CVE-2024-45219 was published Oct 16, 2024
ProTip! Advisories are also available from the GraphQL API