Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,035
Erlang
29
GitHub Actions
18
Go
1,845
Maven
5,000+
npm
3,581
NuGet
636
pip
3,164
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,656 advisories

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache... Unknown Unreviewed
CVE-2024-43202 was published Aug 20, 2024
A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue... Moderate Unreviewed
CVE-2024-7899 was published Aug 17, 2024
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15... Critical Unreviewed
CVE-2024-42634 was published Aug 16, 2024
GitHub Actions Script Injection in `ultralytics/actions` Critical
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command... High Unreviewed
CVE-2024-42739 was published Aug 13, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table... Moderate Unreviewed
CVE-2024-43128 was published Aug 13, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML... Critical Unreviewed
CVE-2024-37287 was published Aug 13, 2024
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-7094 was published Aug 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command... High Unreviewed
CVE-2024-42745 was published Aug 12, 2024
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-41651 was published Aug 12, 2024
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote... High Unreviewed
CVE-2024-5651 was published Aug 12, 2024
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due... Low Unreviewed
CVE-2024-22123 was published Aug 12, 2024
An administrator with restricted permissions can exploit the script execution functionality... Critical Unreviewed
CVE-2024-22116 was published Aug 12, 2024
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway... Moderate Unreviewed
CVE-2024-37382 was published Aug 8, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0... High Unreviewed
CVE-2023-33206 was published Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to... Moderate Unreviewed
CVE-2024-3958 was published Aug 8, 2024
Attackers with a valid username and password can exploit a python code injection vulnerability... High Unreviewed
CVE-2024-6891 was published Aug 8, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed
CVE-2024-42393 was published Aug 6, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally High
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v... Critical Unreviewed
CVE-2024-40530 was published Aug 5, 2024
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment... High Unreviewed
CVE-2024-22169 was published Aug 2, 2024
Apache Inlong Code Injection vulnerability Critical
CVE-2024-36268 was published for org.apache.inlong:tubemq-core (Maven) Aug 2, 2024
ProTip! Advisories are also available from the GraphQL API