GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,164
Erlang: 30
GitHub Actions: 19
Go: 1,973
Maven: 5,000+
npm: 3,695
NuGet: 654
pip: 3,312
Pub: 11
RubyGems: 881
Rust: 831
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
91,572 advisories
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper...
High | Unreviewed | CVE-2024-0105 was published Nov 1, 2024

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a...
High | Unreviewed | CVE-2024-0106 was published Nov 1, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51254 was published Oct 31, 2024

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code...
High | Unreviewed | CVE-2024-21537 was published Oct 31, 2024

Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album...
High | Unreviewed | CVE-2024-48311 was published Oct 31, 2024

Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate...
High | Unreviewed | CVE-2024-51425 was published Oct 30, 2024

Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate...
High | Unreviewed | CVE-2024-51426 was published Oct 30, 2024

Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to...
High | Unreviewed | CVE-2024-48093 was published Oct 30, 2024

D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for...
High | Unreviewed | CVE-2024-48271 was published Oct 30, 2024

Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS...
High | Unreviewed | CVE-2024-48735 was published Oct 30, 2024

The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control...
High | Unreviewed | CVE-2024-51243 was published Oct 30, 2024

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that...
High | Unreviewed | CVE-2024-48214 was published Oct 30, 2024

An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized...
High | Unreviewed | CVE-2024-48646 was published Oct 30, 2024

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote...
High | Unreviewed | CVE-2024-48647 was published Oct 30, 2024

The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader)...
High | Unreviewed | CVE-2024-42041 was published Oct 30, 2024

EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell...
High | Unreviewed | CVE-2024-36060 was published Oct 30, 2024

The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed...
High | Unreviewed | CVE-2024-37573 was published Oct 30, 2024

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially...
High | Unreviewed | CVE-2024-9419 was published Oct 30, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51258 was published Oct 30, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51257 was published Oct 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51299 was published Oct 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51300 was published Oct 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51296 was published Oct 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51301 was published Oct 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High | Unreviewed | CVE-2024-51304 was published Oct 30, 2024
ProTip! Advisories are also available from the GraphQL API.