Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

99,869 advisories

Loading
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post... High Unreviewed
CVE-2024-11104 was published Nov 22, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2024-7837 was published Nov 22, 2024
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post... High Unreviewed
CVE-2024-11601 was published Nov 22, 2024
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows... High Unreviewed
CVE-2024-52053 was published Nov 22, 2024
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an... High Unreviewed
CVE-2024-52055 was published Nov 22, 2024
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent... High Unreviewed
CVE-2024-31408 was published Nov 22, 2024
GeoNode Server Side Request forgery High
CVE-2023-40017 was published for geonode (pip) Nov 21, 2024
ImThatT
Flowise OverrideConfig security vulnerability High
GHSA-5cph-wvm9-45gj was published for flowise (npm) Nov 21, 2024
ryanhalliday
LLama Factory Remote OS Command Injection Vulnerability High
CVE-2024-52803 was published for llamafactory (pip) Nov 21, 2024
superboy-zjc
TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi. High Unreviewed
CVE-2024-53334 was published Nov 21, 2024
Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. High Unreviewed
CVE-2024-48286 was published Nov 21, 2024
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
Querydsl SQL/HQL injection High
CVE-2024-49203 was published for com.querydsl:querydsl-apt (Maven) Nov 20, 2024
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE)... High Unreviewed
CVE-2024-52739 was published Nov 20, 2024
In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer... High Unreviewed
CVE-2018-9472 was published Nov 20, 2024
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a... High Unreviewed
CVE-2018-9484 was published Nov 20, 2024
In the development options section of the Settings app, there is a possible authentication bypass... High Unreviewed
CVE-2018-9477 was published Nov 20, 2024
In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a... High Unreviewed
CVE-2018-9468 was published Nov 20, 2024
In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an... High Unreviewed
CVE-2018-9470 was published Nov 20, 2024
In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write... High Unreviewed
CVE-2018-9475 was published Nov 20, 2024
In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut... High Unreviewed
CVE-2018-9469 was published Nov 20, 2024
In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch... High Unreviewed
CVE-2018-9474 was published Nov 20, 2024
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic High
GHSA-7225-m954-23v7 was published for cosmossdk.io/math (Go) Nov 20, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-52471 was published Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database