Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

662 advisories

Loading
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-41651 was published Aug 12, 2024
An administrator with restricted permissions can exploit the script execution functionality... Critical Unreviewed
CVE-2024-22116 was published Aug 12, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed
CVE-2024-42393 was published Aug 6, 2024
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v... Critical Unreviewed
CVE-2024-40530 was published Aug 5, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet Critical
CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2024-41468 was published Jul 26, 2024
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-38944 was published Jul 22, 2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ... Critical Unreviewed
CVE-2024-21552 was published Jul 22, 2024
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a... Critical Unreviewed
CVE-2024-39962 was published Jul 19, 2024
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the... Critical Unreviewed
CVE-2024-36456 was published Jul 15, 2024
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The... Critical Unreviewed
CVE-2024-25077 was published Jul 10, 2024
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the... Critical Unreviewed
CVE-2024-37770 was published Jul 10, 2024
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. Critical Unreviewed
CVE-2024-39071 was published Jul 9, 2024
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to... Critical Unreviewed
CVE-2024-38346 was published Jul 5, 2024
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for github.com/gogs/gogs (Go) Jul 4, 2024
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Critical Unreviewed
CVE-2024-39844 was published Jul 3, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024
kmulka-bloomberg
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed
CVE-2024-39017 was published Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request.... Critical Unreviewed
CVE-2024-39015 was published Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java... Critical Unreviewed
CVE-2024-39669 was published Jun 27, 2024
ProTip! Advisories are also available from the GraphQL API