Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,422
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

101,413 advisories

Loading
A denial-of-service issue was addressed with improved input validation. This issue is fixed in... High Unreviewed
CVE-2024-54538 was published Dec 20, 2024
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This... High Unreviewed
CVE-2024-12832 was published Dec 20, 2024
Huawei printers have an input verification vulnerability. Successful exploitation of this... High Unreviewed
CVE-2022-34159 was published Dec 20, 2024
There is an improper input verification vulnerability in Huawei printer product. Successful... High Unreviewed
CVE-2022-32204 was published Dec 20, 2024
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-12830 was published Dec 20, 2024
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-12829 was published Dec 20, 2024
There is an unrestricted file upload vulnerability where it is possible for an authenticated user... High Unreviewed
CVE-2024-12700 was published Dec 20, 2024
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat... High Unreviewed
CVE-2024-12672 was published Dec 19, 2024
A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code... High Unreviewed
CVE-2024-12729 was published Dec 19, 2024
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena®... High Unreviewed
CVE-2024-12175 was published Dec 19, 2024
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation... High Unreviewed
CVE-2024-11364 was published Dec 19, 2024
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat... High Unreviewed
CVE-2024-11157 was published Dec 19, 2024
In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged... High Unreviewed
CVE-2024-12111 was published Dec 19, 2024
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system... High Unreviewed
CVE-2024-9154 was published Dec 19, 2024
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol... High Unreviewed
CVE-2023-7005 was published Dec 19, 2024
A use after free in Fortinet FortiManager, FortiAnalyzer allows attacker to execute unauthorized... High Unreviewed
CVE-2021-32589 was published Dec 19, 2024
A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3... High Unreviewed
CVE-2024-12786 was published Dec 19, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System... High Unreviewed
CVE-2024-54790 was published Dec 19, 2024
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS High Unreviewed
CVE-2024-47093 was published Dec 19, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Astro's server source code is exposed to the public if sourcemaps are enabled High
CVE-2024-56159 was published for astro (npm) Dec 19, 2024
lilnasy
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line... High Unreviewed
CVE-2021-26115 was published Dec 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database