GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
809 advisories
Filter by severity
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
Memory corruption while redirecting log file to any file location with any file name.
Critical
Unreviewed
CVE-2024-33066
was published
Oct 7, 2024
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify...
Critical
Unreviewed
CVE-2024-8889
was published
Sep 18, 2024
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This...
Critical
Unreviewed
CVE-2024-7591
was published
Sep 5, 2024
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-44808
was published
Sep 4, 2024
A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0,...
Critical
Unreviewed
CVE-2024-44809
was published
Sep 4, 2024
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™...
Critical
Unreviewed
CVE-2024-7988
was published
Aug 26, 2024
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application...
Critical
Unreviewed
CVE-2024-8073
was published
Aug 26, 2024
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live...
Critical
Unreviewed
CVE-2024-42531
was published
Aug 23, 2024
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input...
Critical
Unreviewed
CVE-2024-45167
was published
Aug 22, 2024
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network...
Critical
Unreviewed
CVE-2024-21810
was published
Aug 14, 2024
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application...
Critical
Unreviewed
CVE-2024-41940
was published
Aug 13, 2024
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7...
Critical
Unreviewed
CVE-2024-6915
was published
Aug 5, 2024
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type.
Critical
Unreviewed
CVE-2024-42458
was published
Aug 2, 2024
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical
Unreviewed
CVE-2024-35161
was published
Jul 26, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability....
Critical
Unreviewed
CVE-2024-23469
was published
Jul 17, 2024
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on...
Critical
Unreviewed
CVE-2024-6298
was published
Jul 5, 2024
Under certain circumstances the web interface will accept characters unrelated to the expected...
Critical
Unreviewed
CVE-2024-32755
was published
Jul 2, 2024
Inadequate input validation exposes the system to potential remote code execution (RCE) risks....
Critical
Unreviewed
CVE-2023-41917
was published
Jul 2, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical
Unreviewed
CVE-2024-5276
was published
Jun 25, 2024
Due to an improper input validation, an unauthenticated threat actor can send a malicious message...
Critical
Unreviewed
CVE-2024-5989
was published
Jun 25, 2024
Due to an improper input validation, an unauthenticated threat actor can send a malicious message...
Critical
Unreviewed
CVE-2024-5988
was published
Jun 25, 2024
An improper input validation vulnerability was discovered in Avaya IP Office that could allow...
Critical
Unreviewed
CVE-2024-4196
was published
Jun 25, 2024
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-34108
was published
Jun 13, 2024
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,...
Critical
Unreviewed
CVE-2024-35213
was published
Jun 11, 2024
ProTip!
Advisories are also available from the
GraphQL API