GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,708 advisories
Filter by severity
In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to
an unusual root...
Critical
Unreviewed
CVE-2018-9416
was published
Dec 5, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-54221
was published
Dec 5, 2024
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels...
Critical
Unreviewed
CVE-2024-10905
was published
Dec 2, 2024
nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the...
Critical
Unreviewed
CVE-2024-36671
was published
Nov 29, 2024
Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an...
Critical
Unreviewed
CVE-2024-48406
was published
Nov 29, 2024
qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component ...
Critical
Unreviewed
CVE-2024-50942
was published
Nov 26, 2024
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows...
Critical
Unreviewed
CVE-2024-51366
was published
Nov 21, 2024
An arbitrary file upload vulnerability in the importSettings method of VisiCut v2.1 allows...
Critical
Unreviewed
CVE-2024-51365
was published
Nov 21, 2024
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required...
Critical
Unreviewed
CVE-2024-11703
was published
Nov 26, 2024
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.
Critical
Unreviewed
CVE-2024-54661
was published
Dec 4, 2024
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an...
Critical
Unreviewed
CVE-2024-10576
was published
Dec 4, 2024
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port...
Critical
Unreviewed
CVE-2024-52544
was published
Dec 3, 2024
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System...
Critical
Unreviewed
CVE-2024-33409
was published
May 6, 2024
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb...
Critical
Unreviewed
CVE-2024-51378
was published
Oct 30, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Critical
Unreviewed
CVE-2023-42945
was published
Feb 21, 2024
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the...
Critical
Unreviewed
CVE-2024-36622
was published
Nov 29, 2024
Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard...
Critical
Unreviewed
CVE-2024-53484
was published
Dec 2, 2024
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value...
Critical
Unreviewed
CVE-2024-52732
was published
Dec 2, 2024
A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS...
Critical
Unreviewed
CVE-2024-31695
was published
Nov 15, 2024
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog...
Critical
Unreviewed
CVE-2024-51164
was published
Nov 15, 2024
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over...
Critical
Unreviewed
CVE-2024-50648
was published
Nov 15, 2024
KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at ...
Critical
Unreviewed
CVE-2024-50724
was published
Nov 15, 2024
A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School...
Critical
Unreviewed
CVE-2024-34931
was published
May 23, 2024
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
Critical
Unreviewed
CVE-2024-50649
was published
Nov 15, 2024
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of...
Critical
Unreviewed
CVE-2024-35366
was published
Nov 29, 2024
ProTip!
Advisories are also available from the
GraphQL API