GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,713
Composer 4,471
Erlang 33
GitHub Actions 24
Go 2,179
Maven 5,408
npm 3,835
NuGet 696
pip 3,514
Pub 12
RubyGems 910
Rust 908
Swift 38

Unreviewed advisories

All unreviewed 248,597

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

562 advisories

Filter by severity

Sort by

Least recently updated

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a... Critical Unreviewed

CVE-2024-48579 was published Oct 25, 2024

File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker... Critical Unreviewed

CVE-2024-48581 was published Oct 25, 2024

SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote... Critical Unreviewed

CVE-2024-48204 was published Oct 25, 2024

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an... Critical Unreviewed

CVE-2024-35285 was published Oct 21, 2024

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business... Critical Unreviewed

CVE-2024-35314 was published Oct 21, 2024

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability. Critical Unreviewed

CVE-2023-26785 was published Oct 18, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code... Critical Unreviewed

CVE-2024-49254 was published Oct 16, 2024

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed

CVE-2024-49271 was published Oct 16, 2024

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link... Critical Unreviewed

CVE-2024-48168 was published Oct 14, 2024

A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary... Critical Unreviewed

CVE-2024-45873 was published Oct 8, 2024

A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code ... Critical Unreviewed

CVE-2024-45874 was published Oct 8, 2024

RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code... Critical Unreviewed

CVE-2024-46076 was published Oct 7, 2024

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. Critical Unreviewed

CVE-2024-45186 was published Oct 2, 2024

A condition exists in FlashArray Purity whereby an user with array admin role can execute... Critical Unreviewed

CVE-2024-0004 was published Sep 23, 2024

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. Critical Unreviewed

CVE-2024-47219 was published Sep 22, 2024

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although... Critical Unreviewed

CVE-2024-46640 was published Sep 20, 2024

SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. Critical Unreviewed

CVE-2024-46103 was published Sep 20, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww... Critical Unreviewed

CVE-2024-7104 was published Sep 16, 2024

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker... Critical Unreviewed

CVE-2024-44430 was published Sep 13, 2024

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed

CVE-2024-44466 was published Sep 11, 2024

An unauthenticated remote attacker can run malicious c# code included in curve files and execute... Critical Unreviewed

CVE-2024-6596 was published Sep 10, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed

CVE-2024-44410 was published Sep 9, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Critical Unreviewed

CVE-2024-44411 was published Sep 9, 2024

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to... Critical Unreviewed

CVE-2024-39714 was published Sep 7, 2024

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code... Critical Unreviewed

CVE-2024-45623 was published Sep 2, 2024

Previous 1 2 3 4 5 6 … 22 23 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

562 advisories