Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,564 advisories

Loading
Huawei printers have an input verification vulnerability. Successful exploitation of this... High Unreviewed
CVE-2022-34159 was published Dec 20, 2024
There is an improper input verification vulnerability in Huawei printer product. Successful... High Unreviewed
CVE-2022-32204 was published Dec 20, 2024
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-12829 was published Dec 20, 2024
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-12830 was published Dec 20, 2024
There is an unrestricted file upload vulnerability where it is possible for an authenticated user... High Unreviewed
CVE-2024-12700 was published Dec 20, 2024
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and... High Unreviewed
CVE-2024-54663 was published Dec 20, 2024
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation... High Unreviewed
CVE-2024-11364 was published Dec 19, 2024
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena®... High Unreviewed
CVE-2024-12175 was published Dec 19, 2024
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code... High Unreviewed
CVE-2024-12729 was published Dec 19, 2024
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat... High Unreviewed
CVE-2024-11157 was published Dec 19, 2024
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat... High Unreviewed
CVE-2024-12672 was published Dec 19, 2024
GoPhish sends cleartext passwords High
CVE-2024-55196 was published for github.com/gophish/gophish (Go) Dec 19, 2024
In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged... High Unreviewed
CVE-2024-12111 was published Dec 19, 2024
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
joshbressers
A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling... High Unreviewed
CVE-2024-55082 was published Dec 19, 2024
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system... High Unreviewed
CVE-2024-9154 was published Dec 19, 2024
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol... High Unreviewed
CVE-2023-7005 was published Dec 19, 2024
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS High Unreviewed
CVE-2024-47093 was published Dec 19, 2024
A use after free in Fortinet FortiManager, FortiAnalyzer allows attacker to execute unauthorized... High Unreviewed
CVE-2021-32589 was published Dec 19, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System... High Unreviewed
CVE-2024-54790 was published Dec 19, 2024
A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3... High Unreviewed
CVE-2024-12786 was published Dec 19, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Astro's server source code is exposed to the public if sourcemaps are enabled High
CVE-2024-56159 was published for astro (npm) Dec 19, 2024
lilnasy
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database