Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

662 advisories

Loading
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version... Critical Unreviewed
CVE-2023-45590 was published Apr 9, 2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2024-31807 was published Apr 8, 2024
An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary... Critical Unreviewed
CVE-2024-31022 was published Apr 8, 2024
SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries... Critical Unreviewed
CVE-2023-36645 was published Apr 4, 2024
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4... Critical Unreviewed
CVE-2024-30568 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL.... Critical Unreviewed
CVE-2024-24707 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto... Critical Unreviewed
CVE-2024-25096 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance... Critical Unreviewed
CVE-2024-31390 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder... Critical Unreviewed
CVE-2024-31380 was published Apr 3, 2024
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute... Critical Unreviewed
CVE-2024-31011 was published Apr 3, 2024
An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-29276 was published Apr 2, 2024
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. Critical Unreviewed
CVE-2024-30858 was published Apr 1, 2024
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. Critical Unreviewed
CVE-2024-30868 was published Apr 1, 2024
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat... Critical Unreviewed
CVE-2023-41724 was published Mar 31, 2024
An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2... Critical Unreviewed
CVE-2024-31032 was published Mar 29, 2024
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2024-28386 was published Mar 25, 2024
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an... Critical Unreviewed
CVE-2024-22127 was published Mar 12, 2024
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the... Critical Unreviewed
CVE-2023-41503 was published Mar 7, 2024
Budibase affected by VM2 Constructor Escape Vulnerability Critical
GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2024-25293 was published Mar 1, 2024
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted... Critical Unreviewed
CVE-2024-25180 was published Feb 29, 2024
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. Critical Unreviewed
CVE-2024-25291 was published Feb 29, 2024
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote... Critical Unreviewed
CVE-2023-51801 was published Feb 29, 2024
SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0... Critical Unreviewed
CVE-2024-25350 was published Feb 29, 2024
ProTip! Advisories are also available from the GraphQL API