Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,744 advisories

Loading
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The... Critical Unreviewed
CVE-2024-25077 was published Jul 10, 2024
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the... Critical Unreviewed
CVE-2024-37770 was published Jul 10, 2024
A potential JSON injection attack vector exists in PingFederate REST API data stores using the... Low Unreviewed
CVE-2024-21832 was published Jul 10, 2024
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. Critical Unreviewed
CVE-2024-39071 was published Jul 9, 2024
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed
CVE-2024-40726 was published Jul 9, 2024
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed
CVE-2024-40735 was published Jul 9, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja... Moderate Unreviewed
CVE-2024-37934 was published Jul 9, 2024
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to... Critical Unreviewed
CVE-2024-38346 was published Jul 5, 2024
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for github.com/gogs/gogs (Go) Jul 4, 2024
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers... Moderate Unreviewed
CVE-2024-39165 was published Jul 4, 2024
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in... High Unreviewed
CVE-2024-6507 was published Jul 4, 2024
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows... High Unreviewed
CVE-2024-33871 was published Jul 3, 2024
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Critical Unreviewed
CVE-2024-39844 was published Jul 3, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024
kmulka-bloomberg
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection... High Unreviewed
CVE-2024-6376 was published Jul 1, 2024
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed
CVE-2024-39017 was published Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request.... Critical Unreviewed
CVE-2024-39015 was published Jul 1, 2024
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-39002 was published Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-38990 was published Jul 1, 2024
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-3995 was published Jun 29, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Moderate Unreviewed
CVE-2024-36075 was published Jun 27, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... High Unreviewed
CVE-2024-36074 was published Jun 27, 2024
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the... Moderate Unreviewed
CVE-2024-39209 was published Jun 27, 2024
ProTip! Advisories are also available from the GraphQL API