Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,104 advisories

Loading
Plenti arbitrary file deletion vulnerability High
CVE-2024-49381 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
A vulnerability has been identified in the Express response.links function, allowing for... Moderate Unreviewed
CVE-2024-10491 was published Oct 29, 2024
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification... Moderate Unreviewed
CVE-2024-7472 was published Oct 29, 2024
Langchain-Community SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain-community (pip) Oct 29, 2024
BarrensZeppelin
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice Moderate
CVE-2024-48927 was published for Umbraco.Cms (NuGet) Oct 22, 2024
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP... Moderate Unreviewed
CVE-2024-25673 was published Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
D-Tale Command Execution Vulnerability Moderate
CVE-2024-8862 was published for dtale (pip) Sep 16, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. Moderate Unreviewed
CVE-2024-6702 was published Sep 12, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43390 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43391 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43393 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the ospf service through... Moderate Unreviewed
CVE-2024-43389 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43392 was published Sep 10, 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to... High Unreviewed
CVE-2024-43388 was published Sep 10, 2024
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806... Moderate Unreviewed
CVE-2024-42903 was published Sep 3, 2024
A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to... Moderate Unreviewed
CVE-2024-8367 was published Sep 1, 2024
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c... Moderate Unreviewed
CVE-2024-2881 was published Aug 30, 2024
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in... Moderate Unreviewed
CVE-2024-1545 was published Aug 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database