Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,744 advisories

Loading
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41361 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41366 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41367 was published Aug 29, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc.... Moderate Unreviewed
CVE-2024-43922 was published Aug 29, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26322 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2024-45346 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26324 was published Aug 28, 2024
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code... Critical Unreviewed
CVE-2024-7720 was published Aug 27, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed
CVE-2024-45321 was published Aug 27, 2024
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req/v3 (Go) Aug 26, 2024
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-7656 was published Aug 24, 2024
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1... High Unreviewed
CVE-2024-42845 was published Aug 23, 2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via... High Unreviewed
CVE-2024-42756 was published Aug 23, 2024
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below... High Unreviewed
CVE-2024-5466 was published Aug 23, 2024
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2024-7559 was published Aug 23, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that... High Unreviewed
CVE-2024-42599 was published Aug 22, 2024
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that... Moderate Unreviewed
CVE-2024-42598 was published Aug 20, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue... Moderate Unreviewed
CVE-2024-7899 was published Aug 17, 2024
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15... Critical Unreviewed
CVE-2024-42634 was published Aug 16, 2024
GitHub Actions Script Injection in `ultralytics/actions` Critical
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command... High Unreviewed
CVE-2024-42739 was published Aug 13, 2024
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to... Critical Unreviewed
CVE-2024-41623 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API