Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,744 advisories

Loading
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader Moderate
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3... Moderate Unreviewed
CVE-2024-41304 was published Jul 30, 2024
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code... High Unreviewed
CVE-2024-6726 was published Jul 29, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2024-41468 was published Jul 26, 2024
OpenAM FreeMarker template injection High
CVE-2024-41667 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jul 25, 2024
AfterSnows
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-38944 was published Jul 22, 2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ... Critical Unreviewed
CVE-2024-21552 was published Jul 22, 2024
A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected... Moderate Unreviewed
CVE-2024-6950 was published Jul 21, 2024
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue... Moderate Unreviewed
CVE-2024-6947 was published Jul 21, 2024
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This... Moderate Unreviewed
CVE-2024-6946 was published Jul 21, 2024
A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools... Moderate Unreviewed
CVE-2024-6936 was published Jul 21, 2024
A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an... Moderate Unreviewed
CVE-2024-6940 was published Jul 21, 2024
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a... Critical Unreviewed
CVE-2024-39962 was published Jul 19, 2024
On versions before 2.1.4, a user could log in and perform a template injection attack resulting... High Unreviewed
CVE-2024-29178 was published Jul 18, 2024
Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier... High Unreviewed
CVE-2024-29014 was published Jul 18, 2024
openCart Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be... High Unreviewed
CVE-2024-6655 was published Jul 16, 2024
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the... Critical Unreviewed
CVE-2024-36456 was published Jul 15, 2024
langchain-experimental vulnerable to Arbitrary Code Execution High
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0... High Unreviewed
CVE-2024-40546 was published Jul 12, 2024
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by... High Unreviewed
CVE-2024-40522 was published Jul 12, 2024
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken... Moderate Unreviewed
CVE-2024-37405 was published Jul 12, 2024
ProTip! Advisories are also available from the GraphQL API