GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,205
Erlang: 31
GitHub Actions: 19
Go: 1,986
Maven: 5,000+
npm: 3,703
NuGet: 661
pip: 3,329
Pub: 11
RubyGems: 884
Rust: 843
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
99,473 advisories
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack...
High | Unreviewed | CVE-2024-10012 was published Nov 13, 2024

Symfony has an Authentication Bypass via RememberMe
High | CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024

Insecure creation of temporary files allows local users on systems with non-default...
High | Unreviewed | CVE-2024-49506 was published Nov 13, 2024

A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch...
High | Unreviewed | CVE-2024-48989 was published Nov 13, 2024

DotNetZip Directory Traversal vulnerability
High | CVE-2024-48510 was published for DotNetZip (NuGet) Nov 13, 2024

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
High | Unreviewed | CVE-2024-49504 was published Nov 13, 2024

Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High | CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024

Craft CMS Arbitrary System File Read
High | CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024

Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
High | CVE-2024-52291 was published for craftcms/cms (Composer) Nov 13, 2024

An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version...
High | Unreviewed | CVE-2024-47574 was published Nov 13, 2024

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed...
High | Unreviewed | CVE-2024-4741 was published Nov 13, 2024

All versions of the package source-map-support are vulnerable to Directory Traversal in the...
High | Unreviewed | CVE-2024-21540 was published Nov 13, 2024

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object...
High | Unreviewed | CVE-2024-10828 was published Nov 13, 2024

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to...
High | Unreviewed | CVE-2024-10800 was published Nov 13, 2024

The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions...
High | Unreviewed | CVE-2024-10816 was published Nov 13, 2024

The WP Project Manager – Task, team, and project management plugin featuring kanban board and...
High | Unreviewed | CVE-2024-10174 was published Nov 13, 2024

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of...
High | Unreviewed | CVE-2024-8935 was published Nov 13, 2024

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability...
High | Unreviewed | CVE-2024-8937 was published Nov 13, 2024

CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality...
High | Unreviewed | CVE-2024-8936 was published Nov 13, 2024

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel...
High | Unreviewed | CVE-2024-8933 was published Nov 13, 2024

CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to...
High | Unreviewed | CVE-2024-9409 was published Nov 13, 2024

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy...
High | Unreviewed | CVE-2024-39709 was published Nov 13, 2024

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local...
High | Unreviewed | CVE-2024-29211 was published Nov 13, 2024

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated...
High | Unreviewed | CVE-2024-37398 was published Nov 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6...
High | Unreviewed | CVE-2024-37376 was published Nov 13, 2024
ProTip! Advisories are also available from the GraphQL API.