GitHub Advisory Database
A security vulnerability database that includes CVEs and GitHub-originated security advisories from the open source ecosystem.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories by ecosystem: all reviewed 5,000+; Composer 4,067; Erlang 29; GitHub Actions 19; Go 1,891; Maven 5,000+; npm 3,624; NuGet 638; pip 3,235; Pub 10; RubyGems 857; Rust 818; Swift 35.
Unreviewed advisories: all unreviewed 5,000+.
3,767 advisories match the current filter; the 25 most recent are listed below, newest first.
CVE-2024-39844 (Critical, unreviewed), published Jul 3, 2024: In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
CVE-2024-39236 (Critical, reviewed; Gradio, pip), published Jul 1, 2024: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
CVE-2024-36401 (Critical, reviewed; org.geoserver.web:gs-web-app, Maven), published Jul 1, 2024: Remote Code Execution (RCE) vulnerability in geoserver
CVE-2024-6376 (High, unreviewed), published Jul 1, 2024: MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection...
CVE-2024-39017 (Critical, unreviewed), published Jul 1, 2024: agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function...
CVE-2024-39015 (Critical, unreviewed), published Jul 1, 2024: cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request....
CVE-2024-39002 (Moderate, unreviewed), published Jul 1, 2024: rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function...
CVE-2024-38993 (Critical, reviewed; jsonic, npm), published Jul 1, 2024, withdrawn: jsonic was discovered to contain a prototype pollution via the function empty.
CVE-2024-38990 (Moderate, unreviewed), published Jul 1, 2024: Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function...
CVE-2024-3995 (Low, unreviewed), published Jun 29, 2024: In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by...
CVE-2024-36075 (Moderate, unreviewed), published Jun 27, 2024: Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
CVE-2024-36074 (High, unreviewed), published Jun 27, 2024: Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
CVE-2024-39209 (Moderate, unreviewed), published Jun 27, 2024: luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the...
CVE-2024-5826 (Critical, reviewed; vanna, pip), published Jun 27, 2024: vanna vulnerable to remote code execution caused by prompt injection
CVE-2024-5751 (Critical, reviewed; litellm, pip), published Jun 27, 2024: litellm vulnerable to remote code execution based on using eval unsafely
CVE-2024-39669 (Critical, unreviewed), published Jun 27, 2024: In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java...
CVE-2023-26877 (Moderate, unreviewed), published Jun 26, 2024: File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute...
CVE-2024-37855 (High, unreviewed), published Jun 25, 2024: An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0 firmware...
CVE-2024-6206 (High, unreviewed), published Jun 25, 2024: A security vulnerability has been identified in HPE Athonet Mobile Core software. The core...
CVE-2023-50029 (Critical, unreviewed), published Jun 25, 2024: PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from...
CVE-2024-37228 (Critical, unreviewed), published Jun 24, 2024: Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
CVE-2024-37109 (Critical, unreviewed), published Jun 24, 2024: Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software...
CVE-2024-5683 (Critical, unreviewed), published Jun 24, 2024: Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM...
CVE-2024-39331 (Critical, unreviewed), published Jun 24, 2024: In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when...
CVE-2024-3121 (Moderate, reviewed; lollms, pip), published Jun 24, 2024: Remote Code Execution in create_conda_env function in lollms
Advisories are also available from the GraphQL API.
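The filtered view above can be reproduced in automation through the GraphQL API the page points to. The block below is an added example, not GitHub's own code and not part of this page: it queries the securityVulnerabilities root field (which accepts ecosystem and severity filters, the same ones the sidebar offers), pages through the results, drops withdrawn advisories such as the jsonic entry, and applies a client-side ecosystem and severity floor. The GraphQL field and enum names are the GitHub schema as the author recalls it and should be checked against the schema explorer before relying on them. fetch_all needs a personal access token and network access; everything else runs offline against SAMPLE_NODES, which is constructed from four entries on this page with placeholder GHSA ids and timestamps, and no version data because the listing shows none.

```python
import json
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"
SEVERITY_RANK = {"LOW": 0, "MODERATE": 1, "HIGH": 2, "CRITICAL": 3}

# securityVulnerabilities takes ecosystem and severity filters server-side, which is
# what the sidebar on this page does; securityAdvisories has no ecosystem argument.
QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem, $severities: [SecurityAdvisorySeverity!],
      $after: String) {
  securityVulnerabilities(first: 100, ecosystem: $ecosystem, severities: $severities,
                          orderBy: {field: UPDATED_AT, direction: DESC}, after: $after) {
    pageInfo { hasNextPage endCursor }
    nodes {
      package { ecosystem name }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
      advisory { ghsaId summary severity publishedAt withdrawnAt identifiers { type value } }
    }
  }
}
"""


def fetch_all(token, ecosystem=None, severities=None):
    """Walk every result page (network call; not exercised offline)."""
    after, nodes = None, []
    while True:
        variables = {"ecosystem": ecosystem, "severities": severities, "after": after}
        req = urllib.request.Request(
            GRAPHQL_URL, data=json.dumps({"query": QUERY, "variables": variables}).encode(),
            headers={"Authorization": f"bearer {token}", "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        if "errors" in page:  # GraphQL reports schema and auth errors with HTTP 200
            raise RuntimeError(page["errors"])
        conn = page["data"]["securityVulnerabilities"]
        nodes.extend(conn["nodes"])
        if not conn["pageInfo"]["hasNextPage"]:
            return nodes
        after = conn["pageInfo"]["endCursor"]


def flatten(nodes):
    """One flat record per (advisory, package) pair. Withdrawn advisories are
    dropped: they no longer describe a vulnerability (this listing marks one)."""
    out = []
    for n in nodes:
        adv = n["advisory"]
        if adv.get("withdrawnAt"):
            continue
        cves = [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"]
        patched = n.get("firstPatchedVersion") or {}
        out.append({"cve": cves[0] if cves else None, "ghsa": adv["ghsaId"],
                    "severity": adv["severity"], "ecosystem": n["package"]["ecosystem"],
                    "package": n["package"]["name"], "first_patched": patched.get("identifier"),
                    "vulnerable_range": n.get("vulnerableVersionRange"),
                    "published": adv["publishedAt"][:10], "summary": adv["summary"]})
    return out


def select(records, ecosystem=None, min_severity="LOW"):
    """Client-side equivalent of the page filters, with a severity floor."""
    floor = SEVERITY_RANK[min_severity]
    return [r for r in records
            if (ecosystem is None or r["ecosystem"] == ecosystem)
            and SEVERITY_RANK[r["severity"]] >= floor]


def needs_workaround(records):
    """No patched release exists, so a version bump cannot fix these; they need
    a mitigation or removal rather than a Dependabot update."""
    return [r for r in records if r["first_patched"] is None]


def _node(cve, ghsa, pkg, eco, sev, published, summary, withdrawn=None):
    # Constructed sample node. GHSA ids, times of day and the withdrawal timestamp
    # are placeholders; version data is None because the listing does not show it.
    return {"package": {"ecosystem": eco, "name": pkg}, "vulnerableVersionRange": None,
            "firstPatchedVersion": None,
            "advisory": {"ghsaId": ghsa, "summary": summary, "severity": sev,
                         "publishedAt": published, "withdrawnAt": withdrawn,
                         "identifiers": [{"type": "CVE", "value": cve}]}}


# Four entries from this listing: CVE, package, ecosystem, severity, date and title.
SAMPLE_NODES = [
    _node("CVE-2024-5826", "GHSA-0000-0000-0001", "vanna", "PIP", "CRITICAL", "2024-06-27T00:00:00Z",
          "vanna vulnerable to remote code execution caused by prompt injection"),
    _node("CVE-2024-5751", "GHSA-0000-0000-0002", "litellm", "PIP", "CRITICAL", "2024-06-27T00:00:00Z",
          "litellm vulnerable to remote code execution based on using eval unsafely"),
    _node("CVE-2024-3121", "GHSA-0000-0000-0003", "lollms", "PIP", "MODERATE", "2024-06-24T00:00:00Z",
          "Remote Code Execution in create_conda_env function in lollms"),
    _node("CVE-2024-38993", "GHSA-0000-0000-0004", "jsonic", "NPM", "CRITICAL", "2024-07-01T00:00:00Z",
          "jsonic was discovered to contain a prototype pollution via the function empty.",
          withdrawn="2024-07-01T00:00:00Z"),
]
```

A live run would be `select(flatten(fetch_all(token, ecosystem="PIP", severities=["CRITICAL"])))`; the server-side filters cut the volume, and the client-side select is what lets you change the severity floor without re-querying. needs_workaround is the set Dependabot cannot fix for you.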