GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,047 advisories
Filter by severity
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0...
Critical
Unreviewed
CVE-2024-45519
was published
Oct 3, 2024
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx....
Critical
Unreviewed
CVE-2024-43699
was published
Oct 4, 2024
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly...
Critical
Unreviewed
CVE-2024-41925
was published
Oct 4, 2024
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication...
Critical
Unreviewed
CVE-2024-45367
was published
Oct 4, 2024
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an...
Critical
Unreviewed
CVE-2024-46256
was published
Sep 27, 2024
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical
Unreviewed
CVE-2018-2628
was published
May 14, 2022
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the...
Critical
Unreviewed
CVE-2020-12069
was published
Dec 26, 2022
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4...
Critical
Unreviewed
CVE-2024-42514
was published
Oct 1, 2024
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to...
Critical
Unreviewed
CVE-2022-26136
was published
Jul 21, 2022
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS...
Critical
Unreviewed
CVE-2024-41988
was published
Oct 3, 2024
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-41651
was published
Aug 12, 2024
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker...
Critical
Unreviewed
CVE-2022-4920
was published
Jul 29, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16...
Critical
Unreviewed
CVE-2023-4008
was published
Aug 3, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2...
Critical
Unreviewed
CVE-2023-5009
was published
Sep 19, 2023
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection...
Critical
Unreviewed
CVE-2024-9441
was published
Oct 2, 2024
According to the researcher: "The TLS connections are encrypted against tampering or...
Critical
Unreviewed
CVE-2024-44097
was published
Oct 2, 2024
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC)...
Critical
Unreviewed
CVE-2024-20432
was published
Oct 2, 2024
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Critical
Unreviewed
CVE-2024-45186
was published
Oct 2, 2024
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical
Unreviewed
CVE-2024-38812
was published
Sep 17, 2024
An unauthenticated remote attacker may use a missing authentication for critical function...
Critical
Unreviewed
CVE-2024-35293
was published
Oct 2, 2024
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical
Unreviewed
CVE-2023-1083
was published
Apr 9, 2024
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low...
Critical
Unreviewed
CVE-2024-25660
was published
Oct 1, 2024
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of...
Critical
Unreviewed
CVE-2024-9402
was published
Oct 1, 2024
A compromised content process could have allowed for the arbitrary loading of cross-origin pages....
Critical
Unreviewed
CVE-2024-9392
was published
Oct 1, 2024
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This...
Critical
Unreviewed
CVE-2023-33934
was published
Aug 9, 2023
ProTip!
Advisories are also available from the
GraphQL API