GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,383 advisories
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an...
Moderate
Unreviewed
CVE-2024-47485
was published
Oct 18, 2024
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2...
Moderate
Unreviewed
CVE-2024-10099
was published
Oct 17, 2024
Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference...
Moderate
Unreviewed
CVE-2024-47459
was published
Oct 17, 2024
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10...
Moderate
Unreviewed
CVE-2023-44293
was published
Oct 17, 2024
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10...
Moderate
Unreviewed
CVE-2023-44294
was published
Oct 17, 2024
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to...
Moderate
Unreviewed
CVE-2024-3184
was published
Oct 17, 2024
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server ...
Moderate
Unreviewed
CVE-2024-3186
was published
Oct 17, 2024
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in...
Moderate
Unreviewed
CVE-2024-3187
was published
Oct 17, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate
Unreviewed
CVE-2024-20463
was published
Oct 16, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone...
Moderate
Unreviewed
CVE-2024-20420
was published
Oct 16, 2024
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could...
Moderate
Unreviewed
CVE-2024-20461
was published
Oct 16, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series...
Moderate
Unreviewed
CVE-2024-20459
was published
Oct 16, 2024
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in...
Moderate
Unreviewed
CVE-2024-10033
was published
Oct 16, 2024
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM), Quality...
Moderate
Unreviewed
CVE-2023-32266
was published
Oct 16, 2024
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an...
Moderate
Unreviewed
CVE-2024-49340
was published
Oct 16, 2024
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the...
Moderate
Unreviewed
CVE-2024-9676
was published
Oct 15, 2024
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2...
Moderate
Unreviewed
CVE-2024-45741
was published
Oct 14, 2024
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2...
Moderate
Unreviewed
CVE-2024-45740
was published
Oct 14, 2024
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An...
Moderate
Unreviewed
CVE-2024-48120
was published
Oct 14, 2024
The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate
Unreviewed
CVE-2024-9592
was published
Oct 12, 2024
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker...
Moderate
Unreviewed
CVE-2024-9539
was published
Oct 11, 2024
VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX...
Moderate
Unreviewed
CVE-2024-38817
was published
Oct 9, 2024
VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious...
Moderate
Unreviewed
CVE-2024-38818
was published
Oct 9, 2024
VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be...
Moderate
Unreviewed
CVE-2024-38815
was published
Oct 9, 2024
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate
Unreviewed
CVE-2024-9469
was published
Oct 9, 2024
ProTip! Advisories are also available from the GraphQL API.