Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

108,104 advisories

Loading
uPlot Prototype Pollution vulnerability High
CVE-2024-21489 was published for uplot (npm) Oct 1, 2024
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote... High Unreviewed
CVE-2024-47295 was published Oct 1, 2024
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due... High Unreviewed
CVE-2024-8981 was published Oct 1, 2024
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If... High Unreviewed
CVE-2024-47560 was published Oct 1, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-9194 was published Oct 1, 2024
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7673 was published Sep 30, 2024
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7674 was published Sep 30, 2024
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7672 was published Sep 30, 2024
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a... High Unreviewed
CVE-2024-7675 was published Sep 30, 2024
An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read... High Unreviewed
CVE-2024-46503 was published Sep 30, 2024
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force... High Unreviewed
CVE-2024-7670 was published Sep 30, 2024
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can... High Unreviewed
CVE-2024-7671 was published Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the ... High Unreviewed
CVE-2024-28813 was published Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local... High Unreviewed
CVE-2024-28812 was published Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in... High Unreviewed
CVE-2024-28809 was published Sep 30, 2024
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in... High Unreviewed
CVE-2024-46510 was published Sep 30, 2024
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows... High Unreviewed
CVE-2024-46549 was published Sep 30, 2024
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an... High Unreviewed
CVE-2024-9158 was published Sep 30, 2024
basic-auth-connect's callback uses time unsafe string comparison High
CVE-2024-47178 was published for basic-auth-connect (npm) Sep 30, 2024
UlisesGascon ctcpip
AdamKorcz blakeembrey
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service... High Unreviewed
CVE-2024-46280 was published Sep 30, 2024
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm... High Unreviewed
CVE-2024-46313 was published Sep 30, 2024
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain... High Unreviewed
CVE-2024-8455 was published Sep 30, 2024
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross... High Unreviewed
CVE-2024-8458 was published Sep 30, 2024
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within... High Unreviewed
CVE-2024-8459 was published Sep 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database