GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,096
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,654
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,047 advisories

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a...
Critical, Unreviewed. CVE-2024-43693 was published Sep 25, 2024.

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a...
Critical, Unreviewed. CVE-2024-45066 was published Sep 25, 2024.

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user...
Critical, Unreviewed. CVE-2024-43423 was published Sep 25, 2024.

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical, Unreviewed. CVE-2024-42505 was published Sep 25, 2024.

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary...
Critical, Unreviewed. CVE-2023-26686 was published Sep 25, 2024.

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in...
Critical, Unreviewed. CVE-2024-42797 was published Sep 25, 2024.

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user...
Critical, Unreviewed. CVE-2023-26689 was published Sep 25, 2024.

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical, Unreviewed. CVE-2024-42506 was published Sep 25, 2024.

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated...
Critical, Unreviewed. CVE-2024-42507 was published Sep 25, 2024.

An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full...
Critical, Unreviewed. CVE-2024-43692 was published Sep 25, 2024.

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file...
Critical, Unreviewed. CVE-2024-8671 was published Sep 24, 2024.

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin...
Critical, Unreviewed. CVE-2024-8791 was published Sep 24, 2024.

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection...
Critical, Unreviewed. CVE-2024-8624 was published Sep 24, 2024.

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote...
Critical, Unreviewed. CVE-2024-7024 was published Sep 24, 2024.

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via...
Critical, Unreviewed. CVE-2024-47222 was published Sep 23, 2024.

A condition exists in FlashArray Purity whereby an user with array admin role can execute...
Critical, Unreviewed. CVE-2024-0004 was published Sep 23, 2024.

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account...
Critical, Unreviewed. CVE-2024-0002 was published Sep 23, 2024.

A condition exists in FlashArray Purity whereby a local account intended for initial array...
Critical, Unreviewed. CVE-2024-0001 was published Sep 23, 2024.

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute...
Critical, Unreviewed. CVE-2024-0005 was published Sep 23, 2024.

A condition exists in FlashArray Purity whereby a malicious user could use a remote...
Critical, Unreviewed. CVE-2024-0003 was published Sep 23, 2024.

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows...
Critical, Unreviewed. CVE-2024-34331 was published Sep 23, 2024.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed. CVE-2024-7735 was published Sep 23, 2024.

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows...
Critical, Unreviewed. CVE-2024-8606 was published Sep 23, 2024.

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication.
Critical, Unreviewed. CVE-2024-47218 was published Sep 22, 2024.

GDidees CMS <= v3.9.1 has a file upload vulnerability.
Critical, Unreviewed. CVE-2024-46101 was published Sep 20, 2024.

ProTip! Advisories are also available from the GraphQL API.