GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,218 advisories
Filter by severity
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1...
High
Unreviewed
CVE-2024-42845
was published
Aug 23, 2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via...
High
Unreviewed
CVE-2024-42756
was published
Aug 23, 2024
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below...
High
Unreviewed
CVE-2024-5466
was published
Aug 23, 2024
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High
Unreviewed
CVE-2024-7559
was published
Aug 23, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that...
High
Unreviewed
CVE-2024-42599
was published
Aug 22, 2024
squirrelly Code Injection vulnerability
High
CVE-2024-40453
was published
for
squirrelly
(npm)
Aug 21, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42739
was published
Aug 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42745
was published
Aug 12, 2024
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote...
High
Unreviewed
CVE-2024-5651
was published
Aug 12, 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live...
High
Unreviewed
CVE-2024-40487
was published
Aug 12, 2024
Improper validation in a model specific register (MSR) could allow a malicious program with ring0...
High
Unreviewed
CVE-2023-31315
was published
Aug 12, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0...
High
Unreviewed
CVE-2023-33206
was published
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
Attackers with a valid username and password can exploit a python code injection vulnerability...
High
Unreviewed
CVE-2024-6891
was published
Aug 8, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally
High
CVE-2024-34344
was published
for
nuxt
(npm)
Aug 5, 2024
WD Discovery
versions prior to 5.0.589 contain a misconfiguration in the Node.js environment...
High
Unreviewed
CVE-2024-22169
was published
Aug 2, 2024
Apache Inlong Code Injection vulnerability
High
CVE-2024-36268
was published
for
org.apache.inlong:tubemq-core
(Maven)
Aug 2, 2024
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code...
High
Unreviewed
CVE-2024-6726
was published
Jul 29, 2024
OpenAM FreeMarker template injection
High
CVE-2024-41667
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jul 25, 2024
On versions before 2.1.4, a user could log in and perform a template injection attack resulting...
High
Unreviewed
CVE-2024-29178
was published
Jul 18, 2024
Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier...
High
Unreviewed
CVE-2024-29014
was published
Jul 18, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
High
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be...
High
Unreviewed
CVE-2024-6655
was published
Jul 16, 2024
ProTip!
Advisories are also available from the
GraphQL API