GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,094
Erlang: 29
GitHub Actions: 19
Go: 1,920
Maven: 5,000+
npm: 3,648
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 873
Rust: 822
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,042 advisories
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16...
Critical | Unreviewed | CVE-2023-4008 was published Aug 3, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical | Unreviewed | CVE-2023-5009 was published Sep 19, 2023

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical | Unreviewed | CVE-2024-45519 was published Oct 3, 2024

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection...
Critical | Unreviewed | CVE-2024-9441 was published Oct 2, 2024

According to the researcher: "The TLS connections are encrypted against tampering or...
Critical | Unreviewed | CVE-2024-44097 was published Oct 2, 2024

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)...
Critical | Unreviewed | CVE-2024-20432 was published Oct 2, 2024

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Critical | Unreviewed | CVE-2024-45186 was published Oct 2, 2024

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical | Unreviewed | CVE-2024-38812 was published Sep 17, 2024

An unauthenticated remote attacker may use a missing authentication for critical function...
Critical | Unreviewed | CVE-2024-35293 was published Oct 2, 2024

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical | Unreviewed | CVE-2023-1083 was published Apr 9, 2024

The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low...
Critical | Unreviewed | CVE-2024-25660 was published Oct 1, 2024

Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of...
Critical | Unreviewed | CVE-2024-9402 was published Oct 1, 2024

A compromised content process could have allowed for the arbitrary loading of cross-origin pages....
Critical | Unreviewed | CVE-2024-9392 was published Oct 1, 2024

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This...
Critical | Unreviewed | CVE-2023-33934 was published Aug 9, 2023

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4...
Critical | Unreviewed | CVE-2024-42514 was published Oct 1, 2024

Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird...
Critical | Unreviewed | CVE-2024-9401 was published Oct 1, 2024

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user...
Critical | Unreviewed | CVE-2024-43423 was published Sep 25, 2024

An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain...
Critical | Unreviewed | CVE-2023-36100 was published Sep 1, 2023

A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code...
Critical | Unreviewed | CVE-2024-41276 was published Oct 1, 2024

Installer RCE on settings file write in MyBB before 1.8.22.
Critical | Unreviewed | CVE-2020-22612 was published Sep 1, 2023

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in...
Critical | Unreviewed | CVE-2024-9265 was published Oct 1, 2024

The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2024-9108 was published Oct 1, 2024

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2024-9289 was published Oct 1, 2024

The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions...
Critical | Unreviewed | CVE-2024-9106 was published Oct 1, 2024

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate...
Critical | Unreviewed | CVE-2023-25280 was published Mar 16, 2023
ProTip! Advisories are also available from the GraphQL API.