GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,022
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,403
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

30,844 advisories

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
Critical, Unreviewed. CVE-2024-24029 was published Feb 2, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system...
Critical, Unreviewed. CVE-2023-45025 was published Feb 2, 2024

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions...
Critical, Unreviewed. CVE-2022-34381 was published Feb 2, 2024

Central Dogma Authentication Bypass Vulnerability via Session Leakage
Critical. CVE-2024-1143 was published for com.linecorp.centraldogma:centraldogma-server (Maven) Feb 2, 2024

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to...
Critical, Unreviewed. CVE-2023-47143 was published Feb 2, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security...
Critical, Unreviewed. CVE-2023-6675 was published Feb 2, 2024

An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute...
Critical, Unreviewed. CVE-2023-50488 was published Feb 2, 2024

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By...
Critical, Unreviewed. CVE-2024-23978 was published Feb 2, 2024

Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal.
Critical, Unreviewed. CVE-2024-24482 was published Feb 2, 2024

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
Critical, Unreviewed. CVE-2024-22901 was published Feb 2, 2024

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
Critical, Unreviewed. CVE-2024-22902 was published Feb 2, 2024

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could...
Critical, Unreviewed. CVE-2024-22320 was published Feb 2, 2024

Beetl Server-Side Template Injection vulnerability
Critical. CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) Feb 2, 2024

Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export...
Critical, Unreviewed. CVE-2023-48792 was published Feb 2, 2024

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
Critical, Unreviewed. CVE-2023-48793 was published Feb 2, 2024

Miro Desktop 0.8.18 on macOS allows Electron code injection.
Critical, Unreviewed. CVE-2024-23746 was published Feb 2, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded...
Critical, Unreviewed. CVE-2024-21764 was published Feb 2, 2024

The MachineSense application programmable interface (API) is improperly protected and can be...
Critical, Unreviewed. CVE-2023-49617 was published Feb 2, 2024

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...
Critical, Unreviewed. CVE-2024-1039 was published Feb 2, 2024

Multiple MachineSense devices have credentials unable to be changed by the user or...
Critical, Unreviewed. CVE-2023-46706 was published Feb 2, 2024

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number...
Critical, Unreviewed. CVE-2023-4472 was published Feb 2, 2024

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep...
Critical, Unreviewed. CVE-2023-5841 was published Feb 1, 2024

Vyper's bounds check on built-in `slice()` function can be overflowed
Critical. CVE-2024-24561 was published for vyper (pip) Feb 1, 2024

An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive...
Critical, Unreviewed. CVE-2023-37621 was published Feb 1, 2024

BuildKit vulnerable to possible host system access from mount stub cleaner
Critical. CVE-2024-23652 was published for github.com/moby/buildkit (Go) Jan 31, 2024

ProTip! Advisories are also available from the GraphQL API.