GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
3,767 advisories
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded...
High, Unreviewed. CVE-2024-38319 was published Jun 22, 2024

SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary...
Moderate, Unreviewed. CVE-2024-33335 was published Jun 20, 2024

XWiki Platform allows remote code execution from user account
Critical. CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions...
High, Unreviewed. CVE-2024-3562 was published Jun 20, 2024

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can...
Critical, Unreviewed. CVE-2024-36679 was published Jun 19, 2024

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this...
Critical, Unreviewed. CVE-2024-37124 was published Jun 19, 2024

Dolibarr arbitrary file upload vulnerability
High. CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024

A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via...
Critical, Unreviewed. CVE-2024-36575 was published Jun 17, 2024

Badger Database Prototype Pollution
High. CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to...
Critical, Unreviewed. CVE-2024-38396 was published Jun 16, 2024

Xenforo before 2.2.16 allows code injection.
High, Unreviewed. CVE-2024-38458 was published Jun 16, 2024

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is...
Critical, Unreviewed. CVE-2024-38448 was published Jun 16, 2024

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus...
Critical, Unreviewed. CVE-2024-38395 was published Jun 16, 2024

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary...
High, Unreviewed. CVE-2024-36598 was published Jun 14, 2024

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a...
High, Unreviewed. CVE-2024-32925 was published Jun 13, 2024

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to...
Critical, Unreviewed. CVE-2024-37849 was published Jun 13, 2024

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the...
Critical, Unreviewed. CVE-2024-1577 was published Jun 12, 2024

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote...
High, Unreviewed. CVE-2024-5834 was published Jun 11, 2024

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could...
Critical, Unreviewed. CVE-2024-34405 was published Jun 11, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in...
High, Unreviewed. CVE-2024-27857 was published Jun 10, 2024

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS...
High, Unreviewed. CVE-2022-32897 was published Jun 10, 2024

Langflow remote code execution vulnerability
High. CVE-2024-37014 was published for langflow (pip) Jun 10, 2024

Vulnerability discovered by executing a planned security audit. Improper Control of Generation...
High, Unreviewed. CVE-2024-34761 was published Jun 10, 2024

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code...
Moderate, Unreviewed. CVE-2024-36531 was published Jun 10, 2024
ProTip! Advisories are also available from the GraphQL API