GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
98,989 advisories
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This...
High, Unreviewed, CVE-2024-45890 was published Nov 4, 2024
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests...
High, Unreviewed, CVE-2024-51408 was published Nov 4, 2024
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
High, Unreviewed, CVE-2024-50528 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High, Unreviewed, CVE-2024-51253 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High, Unreviewed, CVE-2024-51251 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High, Unreviewed, CVE-2024-51249 was published Nov 4, 2024
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and...
High, Unreviewed, CVE-2024-51246 was published Nov 4, 2024
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File...
High, Unreviewed, CVE-2024-51582 was published Nov 4, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed, CVE-2024-51672 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This...
High, Unreviewed, CVE-2024-45884 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs...
High, Unreviewed, CVE-2024-45882 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This...
High, Unreviewed, CVE-2024-45885 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs...
High, Unreviewed, CVE-2024-45888 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This...
High, Unreviewed, CVE-2024-45887 was published Nov 4, 2024
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This...
High, Unreviewed, CVE-2024-45889 was published Nov 4, 2024
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API...
High, Unreviewed, CVE-2024-51559 was published Nov 4, 2024
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs...
High, Unreviewed, CVE-2024-51560 was published Nov 4, 2024
This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at...
High, Unreviewed, CVE-2024-51556 was published Nov 4, 2024
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API...
High, Unreviewed, CVE-2024-51557 was published Nov 4, 2024
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in...
High, Unreviewed, CVE-2024-48878 was published Nov 4, 2024
Zohocorp ManageEngine ADAudit Plus versions 8121 and prior are vulnerable to SQL Injection in...
High, Unreviewed, CVE-2024-36485 was published Nov 4, 2024
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen...
High, Unreviewed, CVE-2024-23385 was published Nov 4, 2024
Apache Kylin Session Fixation vulnerability
High, CVE-2024-23590 was published for org.apache.kylin:kylin (Maven) Nov 4, 2024
Transient DOS while parsing BTM ML IE when per STA profile is not included.
High, Unreviewed, CVE-2024-38403 was published Nov 4, 2024
Transient DOS while processing the CU information from RNR IE.
High, Unreviewed, CVE-2024-38405 was published Nov 4, 2024
ProTip! Advisories are also available from the GraphQL API.