GitHub Security Advisories

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of...

ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The...

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request...

A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of...

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this...

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys...

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this...

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed...

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0....

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the...

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the...

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to...

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all...

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the...

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This...

A vulnerability was determined in ahujasid blender-mcp up to...

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b....

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3...

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS...

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm...

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container...

Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25...

Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on...

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume...

When returning errors, functions in the net/textproto package would include its input as part of...

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function...

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service...

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local...

A vulnerability has been found in ahujasid blender-mcp up to...

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation...

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation...

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1,...

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown...

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism...

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated...

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary...

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet...

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this...

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to...

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0'...

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order'...

A vulnerability was detected in sayan365 student-management-system up to...

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in...

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in...

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is...

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain...

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...

Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling...

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard...

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a...

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of...

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function...

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects...

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13...

Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling...

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the...

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a...

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control...

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control...

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the...

Improper access control in the permission validation component in Devolutions Server 2026.1.19...

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an...

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and...

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter...

HCL iReflection Third party vulnerable and outdated components issue was detected in the web...

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling...

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names...

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization...

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of...

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization...

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP...

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System...

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the...

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the...

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version...

SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec...

A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136...

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask...

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the...

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to...

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136...

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI...

A high security vulnerability affecting Security Center main server installations has been...

CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ...

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4...

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker...

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. ...

A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136...

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting...