GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

30,740 advisories

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can...
Critical | Unreviewed | CVE-2024-23745 was published Jan 31, 2024

An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2...
Critical | Unreviewed | CVE-2023-51198 was published Jan 31, 2024

OS command injection vulnerability in command processing or system call components ROS2 (Robot...
Critical | Unreviewed | CVE-2023-51202 was published Jan 31, 2024

Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows...
Critical | Unreviewed | CVE-2023-51204 was published Jan 31, 2024

An issue discovered in shell command execution in ROS2 (Robot Operating System 2) Foxy Fitzroy,...
Critical | Unreviewed | CVE-2023-51197 was published Jan 31, 2024

HashiCorp Vault Improper Privilege Management
Critical | CVE-2020-10661 was published for github.com/hashicorp/vault (Go) Jan 30, 2024

An attacker could potentially exploit this vulnerability, leading to the ability to modify files...
Critical | Unreviewed | CVE-2023-5389 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24328 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24332 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24331 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24327 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24330 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24333 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24329 was published Jan 30, 2024

TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root...
Critical | Unreviewed | CVE-2024-24324 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24325 was published Jan 30, 2024

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection...
Critical | Unreviewed | CVE-2024-24326 was published Jan 30, 2024

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical | Unreviewed | CVE-2023-6943 was published Jan 30, 2024

DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension...
Critical | Unreviewed | CVE-2024-22682 was published Jan 30, 2024

Ylianst MeshCentral Missing SSL Certificate Validation
Critical | CVE-2023-51837 was published for meshcentral (npm) Jan 30, 2024

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical | CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024

Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
Critical | Unreviewed | CVE-2024-24141 was published Jan 29, 2024

DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
Critical | Unreviewed | CVE-2023-51840 was published Jan 29, 2024

DeviceFarmer stf uses DES-ECB
Critical | CVE-2023-51839 was published for @devicefarmer/stf (npm) Jan 29, 2024

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07...
Critical | Unreviewed | CVE-2024-1015 was published Jan 29, 2024

ProTip! Advisories are also available from the GraphQL API