Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

23,998 advisories

Loading
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and... Critical Unreviewed
CVE-2024-11737 was published Dec 11, 2024
When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could... Critical Unreviewed
CVE-2024-11053 was published Dec 11, 2024
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php`... Critical Unreviewed
CVE-2024-53480 was published Dec 10, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting ... Critical Unreviewed
CVE-2024-54032 was published Dec 10, 2024
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure... Critical Unreviewed
CVE-2024-11634 was published Dec 10, 2024
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated... Critical Unreviewed
CVE-2024-11633 was published Dec 10, 2024
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote... Critical Unreviewed
CVE-2024-11639 was published Dec 10, 2024
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote... Critical Unreviewed
CVE-2024-11772 was published Dec 10, 2024
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote... Critical Unreviewed
CVE-2024-11773 was published Dec 10, 2024
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-46442 was published Dec 10, 2024
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP... Critical Unreviewed
CVE-2024-55547 was published Dec 10, 2024
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using... Critical Unreviewed
CVE-2024-12286 was published Dec 10, 2024
An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build... Critical Unreviewed
CVE-2024-45494 was published Dec 10, 2024
An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build... Critical Unreviewed
CVE-2024-45493 was published Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals Critical
CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024
JorianWoltjer
COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc... Critical Unreviewed
CVE-2024-54751 was published Dec 10, 2024
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C,... Critical Unreviewed
CVE-2024-5660 was published Dec 10, 2024
Adobe Document Service allows an attacker with administrator privileges to send a crafted request... Critical Unreviewed
CVE-2024-47578 was published Dec 10, 2024
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account... Critical Unreviewed
CVE-2024-53552 was published Dec 10, 2024
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack... Critical Unreviewed
CVE-2024-37143 was published Dec 10, 2024
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning... Critical Unreviewed
CVE-2024-54923 was published Dec 9, 2024
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0,... Critical Unreviewed
CVE-2024-54921 was published Dec 9, 2024
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1... Critical Unreviewed
CVE-2024-54924 was published Dec 9, 2024
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1... Critical Unreviewed
CVE-2024-54931 was published Dec 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database