GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
662 advisories
Filter by severity
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-41651
was published
Aug 12, 2024
An administrator with restricted permissions can exploit the script execution functionality...
Critical
Unreviewed
CVE-2024-22116
was published
Aug 12, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to...
Critical
Unreviewed
CVE-2024-42393
was published
Aug 6, 2024
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v...
Critical
Unreviewed
CVE-2024-40530
was published
Aug 5, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2024-41468
was published
Jul 26, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute...
Critical
Unreviewed
CVE-2024-38944
was published
Jul 22, 2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ...
Critical
Unreviewed
CVE-2024-21552
was published
Jul 22, 2024
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a...
Critical
Unreviewed
CVE-2024-39962
was published
Jul 19, 2024
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the...
Critical
Unreviewed
CVE-2024-36456
was published
Jul 15, 2024
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The...
Critical
Unreviewed
CVE-2024-25077
was published
Jul 10, 2024
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the...
Critical
Unreviewed
CVE-2024-37770
was published
Jul 10, 2024
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.
Critical
Unreviewed
CVE-2024-39071
was published
Jul 9, 2024
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to...
Critical
Unreviewed
CVE-2024-38346
was published
Jul 5, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
Critical
Unreviewed
CVE-2024-39844
was published
Jul 3, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function...
Critical
Unreviewed
CVE-2024-39017
was published
Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request....
Critical
Unreviewed
CVE-2024-39015
was published
Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty.
Critical
CVE-2024-38993
was published
for
jsonic
(npm)
Jul 1, 2024
•
withdrawn
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java...
Critical
Unreviewed
CVE-2024-39669
was published
Jun 27, 2024
ProTip!
Advisories are also available from the
GraphQL API