GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,746
Erlang: 35
GitHub Actions: 29
Go: 2,319
Maven: 5,000+
npm: 3,955
NuGet: 712
pip: 3,736
Pub: 12
RubyGems: 920
Rust: 972
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
25,803 advisories
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under...
Critical | Unreviewed | CVE-2024-25140 was published on Feb 6, 2024
aXMLRPC XML External Entity vulnerability
Critical | CVE-2020-36641 was published for fr.turri:aXMLRPC (Maven) on Jan 5, 2023
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM...
Critical | Unreviewed | CVE-2022-23820 was published on Nov 14, 2023
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially...
Critical | Unreviewed | CVE-2021-46762 was published on May 9, 2023
Stimulsoft Dashboard.JS directory traversal vulnerability
Critical | CVE-2024-24398 was published for stimulsoft-dashboards-js (npm) on Feb 6, 2024
rails vulnerable to improper authentication
Critical | CVE-2009-2422 was published for rails (RubyGems) on Oct 24, 2017
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is...
Critical | Unreviewed | CVE-2023-6989 was published on Feb 6, 2024
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0)...
Critical | Unreviewed | CVE-2024-23816 was published on Feb 13, 2024
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a...
Critical | Unreviewed | CVE-2022-26496 was published on Mar 7, 2022
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer...
Critical | Unreviewed | CVE-2022-26495 was published on Mar 7, 2022
In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an...
Critical | Unreviewed | CVE-2024-22131 was published on Feb 13, 2024
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2024-23049 was published on Feb 6, 2024
Apktool before 2.9.3 on Windows allows ../ and /.. directory traversal.
Critical | Unreviewed | CVE-2024-24482 was published on Feb 2, 2024
Beetl Server-Side Template Injection vulnerability
Critical | CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) on Feb 2, 2024
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel...
Critical | Unreviewed | CVE-2024-25314 was published on Feb 9, 2024
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote...
Critical | Unreviewed | CVE-2024-24495 was published on Feb 8, 2024
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel...
Critical | Unreviewed | CVE-2024-25315 was published on Feb 9, 2024
SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to...
Critical | Unreviewed | CVE-2024-24499 was published on Feb 8, 2024
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a...
Critical | Unreviewed | CVE-2024-25674 was published on Feb 9, 2024
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel...
Critical | Unreviewed | CVE-2024-25316 was published on Feb 9, 2024
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an...
Critical | Unreviewed | CVE-2024-25675 was published on Feb 9, 2024
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "...
Critical | Unreviewed | CVE-2024-25307 was published on Feb 9, 2024
Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student'...
Critical | Unreviewed | CVE-2024-25302 was published on Feb 9, 2024
Remote code execution via vulnerable Symphony dependency injection
Critical | CVE-2019-8135 was published for magento/community-edition (Composer) on Nov 12, 2019
Magento 2 Community Edition XML Injection
Critical | CVE-2019-8158 was published for magento/community-edition (Composer) on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.