Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

97,169 advisories

Loading
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size... High Unreviewed
CVE-2024-34057 was published Sep 18, 2024
Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with... High Unreviewed
CVE-2024-44589 was published Sep 18, 2024
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. High Unreviewed
CVE-2024-46373 was published Sep 18, 2024
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via ... High Unreviewed
CVE-2024-46086 was published Sep 18, 2024
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in... High Unreviewed
CVE-2023-41610 was published Sep 18, 2024
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat... High Unreviewed
CVE-2023-41612 was published Sep 18, 2024
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
find-my-way has a ReDoS vulnerability in multiparametric routes High
CVE-2024-45813 was published for find-my-way (npm) Sep 18, 2024
blakeembrey mcollina
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser... High Unreviewed
CVE-2024-36980 was published Sep 18, 2024
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP... High Unreviewed
CVE-2024-39589 was published Sep 18, 2024
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser... High Unreviewed
CVE-2024-36981 was published Sep 18, 2024
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP... High Unreviewed
CVE-2024-39590 was published Sep 18, 2024
Guardrails has an arbitrary code execution vulnerability High
CVE-2024-45858 was published for guardrails-ai (pip) Sep 18, 2024
CoreDNS vulnerable to TuDoor Attacks High
CVE-2023-28452 was published for github.com/coredns/coredns (Go) Sep 18, 2024
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache... High Unreviewed
CVE-2023-28457 was published Sep 18, 2024
An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to... High Unreviewed
CVE-2023-28455 was published Sep 18, 2024
An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS... High Unreviewed
CVE-2023-28451 was published Sep 18, 2024
Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification)... High Unreviewed
CVE-2023-49203 was published Sep 18, 2024
An issue was discovered in Technitium through 11.0.2. It enables attackers to launch... High Unreviewed
CVE-2023-28456 was published Sep 18, 2024
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware... High Unreviewed
CVE-2024-8890 was published Sep 18, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
ProTip! Advisories are also available from the GraphQL API