Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,757
NuGet
678
pip
3,444
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

102,660 advisories

Loading
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability... High Unreviewed
CVE-2024-29011 was published May 1, 2024
An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware... High Unreviewed
CVE-2024-25458 was published May 1, 2024
Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to... High Unreviewed
CVE-2024-33428 was published May 1, 2024
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2024-24313 was published May 1, 2024
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-33292 was published May 1, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to... High Unreviewed
CVE-2024-24312 was published May 1, 2024
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a... High Unreviewed
CVE-2024-26504 was published May 1, 2024
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS)... High Unreviewed
CVE-2024-33300 was published May 1, 2024
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE)... High Unreviewed
CVE-2024-29010 was published May 1, 2024
SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an... High Unreviewed
CVE-2024-32212 was published May 1, 2024
The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain... High Unreviewed
CVE-2024-23457 was published May 1, 2024
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an... High Unreviewed
CVE-2024-20376 was published May 1, 2024
Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on Windows64 bit and 32... High Unreviewed
CVE-2023-7241 was published May 1, 2024
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight... High Unreviewed
CVE-2023-47166 was published May 1, 2024
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a... High Unreviewed
CVE-2024-25015 was published May 1, 2024
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an... High Unreviewed
CVE-2024-20378 was published May 1, 2024
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This... High Unreviewed
CVE-2024-23480 was published May 1, 2024
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution... High Unreviewed
CVE-2024-28893 was published May 1, 2024
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is... High Unreviewed
CVE-2024-33820 was published May 1, 2024
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property High
CVE-2024-32984 was published for yamux (Rust) May 1, 2024
jxs marten-seemann
AgeManning
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values High
CVE-2024-32970 was published for phlex (RubyGems) May 1, 2024
joeldrapper
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to... High Unreviewed
CVE-2024-4058 was published May 1, 2024
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free... High Unreviewed
CVE-2024-27392 was published May 1, 2024
Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to... High Unreviewed
CVE-2024-4060 was published May 1, 2024
Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver.... High Unreviewed
CVE-2024-31412 was published May 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database