GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,409

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

808 advisories

Filter by severity

Sort by

Least recently updated

Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical

CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024

Memory corruption while redirecting log file to any file location with any file name. Critical Unreviewed

CVE-2024-33066 was published Oct 7, 2024

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify... Critical Unreviewed

CVE-2024-8889 was published Sep 18, 2024

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This... Critical Unreviewed

CVE-2024-7591 was published Sep 5, 2024

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via... Critical Unreviewed

CVE-2024-44808 was published Sep 4, 2024

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0,... Critical Unreviewed

CVE-2024-44809 was published Sep 4, 2024

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™... Critical Unreviewed

CVE-2024-7988 was published Aug 26, 2024

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application... Critical Unreviewed

CVE-2024-8073 was published Aug 26, 2024

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live... Critical Unreviewed

CVE-2024-42531 was published Aug 23, 2024

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input... Critical Unreviewed

CVE-2024-45167 was published Aug 22, 2024

Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network... Critical Unreviewed

CVE-2024-21810 was published Aug 14, 2024

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application... Critical Unreviewed

CVE-2024-41940 was published Aug 13, 2024

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7... Critical Unreviewed

CVE-2024-6915 was published Aug 5, 2024

server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type. Critical Unreviewed

CVE-2024-42458 was published Aug 2, 2024

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can... Critical Unreviewed

CVE-2024-35161 was published Jul 26, 2024

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability.... Critical Unreviewed

CVE-2024-23469 was published Jul 17, 2024

Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on... Critical Unreviewed

CVE-2024-6298 was published Jul 5, 2024

Under certain circumstances the web interface will accept characters unrelated to the expected... Critical Unreviewed

CVE-2024-32755 was published Jul 2, 2024

Inadequate input validation exposes the system to potential remote code execution (RCE) risks.... Critical Unreviewed

CVE-2023-41917 was published Jul 2, 2024

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify... Critical Unreviewed

CVE-2024-5276 was published Jun 25, 2024

Due to an improper input validation, an unauthenticated threat actor can send a malicious message... Critical Unreviewed

CVE-2024-5989 was published Jun 25, 2024

Due to an improper input validation, an unauthenticated threat actor can send a malicious message... Critical Unreviewed

CVE-2024-5988 was published Jun 25, 2024

An improper input validation vulnerability was discovered in Avaya IP Office that could allow... Critical Unreviewed

CVE-2024-4196 was published Jun 25, 2024

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an... Critical Unreviewed

CVE-2024-34108 was published Jun 13, 2024

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,... Critical Unreviewed

CVE-2024-35213 was published Jun 11, 2024

Previous 1 2 3 4 5 … 32 33 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

808 advisories