GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 21
Go: 2,003
Maven: 5,000+
npm: 3,714
NuGet: 661
pip: 3,387
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
256,358 advisories
Initial xbl_sec revision does not have all the debug policy features and critical checks.
High
Unreviewed
CVE-2016-10394
was published
Nov 26, 2024
The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2024-11192
was published
Nov 26, 2024
Admin authentication can be bypassed with some specific invalid credentials, which allows logging...
Moderate
Unreviewed
CVE-2024-33616
was published
Nov 26, 2024
Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet...
High
Unreviewed
CVE-2024-47257
was published
Nov 26, 2024
There are several hidden accounts. Some of them are intended for maintenance engineers, and with...
Critical
Unreviewed
CVE-2024-35244
was published
Nov 26, 2024
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi...
Low
Unreviewed
CVE-2024-8160
was published
Nov 26, 2024
The web interface of the affected devices processes some crafted HTTP requests improperly, leading...
High
Unreviewed
CVE-2024-36251
was published
Nov 26, 2024
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tec Corporation...
High
Unreviewed
CVE-2024-36249
was published
Nov 26, 2024
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that it is possible to...
Moderate
Unreviewed
CVE-2024-6831
was published
Nov 26, 2024
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored...
High
Unreviewed
CVE-2024-9504
was published
Nov 26, 2024
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple...
High
Unreviewed
CVE-2024-36254
was published
Nov 26, 2024
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API...
Moderate
Unreviewed
CVE-2024-8772
was published
Nov 26, 2024
On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not...
Critical
Unreviewed
CVE-2017-11076
was published
Nov 26, 2024
API keys for some cloud services are hardcoded in the "main" binary. As for the details of...
Critical
Unreviewed
CVE-2024-36248
was published
Nov 26, 2024
A race condition exists in a driver potentially leading to a use-after-free condition.
High
Unreviewed
CVE-2017-18153
was published
Nov 26, 2024
The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2024-11119
was published
Nov 26, 2024
Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2024-11202
was published
Nov 26, 2024
The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via...
Moderate
Unreviewed
CVE-2024-11002
was published
Nov 26, 2024
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident...
Moderate
Unreviewed
CVE-2024-6749
was published
Nov 26, 2024
The web interface of the affected devices processes a cookie value improperly, leading to a stack...
Critical
Unreviewed
CVE-2024-28038
was published
Nov 26, 2024
Affected devices create coredump files when crashed, storing them with world-readable permission....
Moderate
Unreviewed
CVE-2024-28955
was published
Nov 26, 2024
User passwords are decrypted and stored in memory before any user has logged in. Those decrypted...
Moderate
Unreviewed
CVE-2024-29978
was published
Nov 26, 2024
User passwords are decrypted and stored in memory before any user has logged in. Those decrypted...
Moderate
Unreviewed
CVE-2024-29146
was published
Nov 26, 2024
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. ...
Critical
Unreviewed
CVE-2024-33610
was published
Nov 26, 2024
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote...
High
Unreviewed
CVE-2024-23910
was published
Feb 29, 2024