Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

30,740 advisories

Loading
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager ... Critical Unreviewed
CVE-2020-27648 was published May 24, 2022
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM)... Critical Unreviewed
CVE-2021-27646 was published May 24, 2022
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of... Critical Unreviewed
CVE-2017-14491 was published Apr 30, 2022
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to... Critical Unreviewed
CVE-2018-1160 was published May 13, 2022
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an... Critical Unreviewed
CVE-2024-48856 was published Jan 14, 2025
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43925 was published Feb 8, 2022
XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing Critical
CVE-2025-23025 was published for org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui (Maven) Jan 14, 2025
An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of... Critical Unreviewed
CVE-2024-37186 was published Jan 14, 2025
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of... Critical Unreviewed
CVE-2024-39357 was published Jan 14, 2025
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality... Critical Unreviewed
CVE-2024-39359 was published Jan 14, 2025
An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink... Critical Unreviewed
CVE-2024-39360 was published Jan 14, 2025
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink... Critical Unreviewed
CVE-2024-39294 was published Jan 14, 2025
A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink... Critical Unreviewed
CVE-2024-36272 was published Jan 14, 2025
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8... Critical Unreviewed
CVE-2024-39273 was published Jan 14, 2025
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink... Critical Unreviewed
CVE-2024-21797 was published Jan 14, 2025
A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync()... Critical Unreviewed
CVE-2024-36258 was published Jan 14, 2025
A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000... Critical Unreviewed
CVE-2024-37357 was published Jan 14, 2025
A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of... Critical Unreviewed
CVE-2024-39288 was published Jan 14, 2025
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000... Critical Unreviewed
CVE-2024-36295 was published Jan 14, 2025
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup()... Critical Unreviewed
CVE-2024-38666 was published Jan 14, 2025
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of... Critical Unreviewed
CVE-2024-39280 was published Jan 14, 2025
A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode()... Critical Unreviewed
CVE-2024-39363 was published Jan 14, 2025
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000... Critical Unreviewed
CVE-2024-39358 was published Jan 14, 2025
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun()... Critical Unreviewed
CVE-2024-39367 was published Jan 14, 2025
A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink... Critical Unreviewed
CVE-2024-39299 was published Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database