Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,767 advisories

Loading
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Critical Unreviewed
CVE-2024-39844 was published Jul 3, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024
kmulka-bloomberg
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection... High Unreviewed
CVE-2024-6376 was published Jul 1, 2024
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed
CVE-2024-39017 was published Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request.... Critical Unreviewed
CVE-2024-39015 was published Jul 1, 2024
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-39002 was published Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-38990 was published Jul 1, 2024
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-3995 was published Jun 29, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Moderate Unreviewed
CVE-2024-36075 was published Jun 27, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... High Unreviewed
CVE-2024-36074 was published Jun 27, 2024
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the... Moderate Unreviewed
CVE-2024-39209 was published Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java... Critical Unreviewed
CVE-2024-39669 was published Jun 27, 2024
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute... Moderate Unreviewed
CVE-2023-26877 was published Jun 26, 2024
An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware... High Unreviewed
CVE-2024-37855 was published Jun 25, 2024
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core... High Unreviewed
CVE-2024-6206 was published Jun 25, 2024
PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from... Critical Unreviewed
CVE-2023-50029 was published Jun 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP... Critical Unreviewed
CVE-2024-37228 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software... Critical Unreviewed
CVE-2024-37109 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM... Critical Unreviewed
CVE-2024-5683 was published Jun 24, 2024
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when... Critical Unreviewed
CVE-2024-39331 was published Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
ProTip! Advisories are also available from the GraphQL API