Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,368
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

23,685 advisories

Loading
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote... Critical Unreviewed
CVE-2024-41779 was published Nov 22, 2024
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager... Critical Unreviewed
CVE-2024-52052 was published Nov 22, 2024
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out... Critical Unreviewed
CVE-2018-9478 was published Nov 20, 2024
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out... Critical Unreviewed
CVE-2018-9479 was published Nov 20, 2024
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to... Critical Unreviewed
CVE-2018-9471 was published Nov 20, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of... Critical Unreviewed
CVE-2024-10094 was published Nov 20, 2024
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... Critical Unreviewed
CVE-2024-9478 was published Nov 20, 2024
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... Critical Unreviewed
CVE-2024-9479 was published Nov 20, 2024
Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object... Critical Unreviewed
CVE-2024-52439 was published Nov 20, 2024
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')... Critical Unreviewed
CVE-2024-52441 was published Nov 20, 2024
Incorrect Privilege Assignment vulnerability in Userplus UserPlus allows Privilege Escalation... Critical Unreviewed
CVE-2024-52442 was published Nov 20, 2024
Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout... Critical Unreviewed
CVE-2024-52440 was published Nov 20, 2024
Deserialization of Untrusted Data vulnerability in Nerijus Masikonis Geolocator allows Object... Critical Unreviewed
CVE-2024-52443 was published Nov 20, 2024
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11... Critical Unreviewed
CVE-2024-10127 was published Nov 20, 2024
In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing... Critical Unreviewed
CVE-2018-9341 was published Nov 19, 2024
Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function ... Critical Unreviewed
CVE-2024-52714 was published Nov 19, 2024
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in... Critical Unreviewed
CVE-2024-52759 was published Nov 19, 2024
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is... Critical Unreviewed
CVE-2024-42450 was published Nov 19, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a... Critical Unreviewed
CVE-2024-52401 was published Nov 19, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect... Critical Unreviewed
CVE-2024-52402 was published Nov 19, 2024
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. Critical Unreviewed
CVE-2024-51051 was published Nov 19, 2024
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0... Critical Unreviewed
CVE-2024-51053 was published Nov 18, 2024
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of... Critical Unreviewed
CVE-2024-50919 was published Nov 18, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated... Critical Unreviewed
CVE-2024-0012 was published Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database