Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

655 advisories

Loading
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed
CVE-2024-44466 was published Sep 11, 2024
An unauthenticated remote attacker can run malicious c# code included in curve files and execute... Critical Unreviewed
CVE-2024-6596 was published Sep 10, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Critical Unreviewed
CVE-2024-44411 was published Sep 9, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed
CVE-2024-44410 was published Sep 9, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape Critical
GHSA-r9pp-r4xf-597r was published for pyload-ng (pip) Sep 9, 2024
Marven11
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to... Critical Unreviewed
CVE-2024-39714 was published Sep 7, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine Critical
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-45623 was published Sep 2, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41368 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41369 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41364 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41361 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41366 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41367 was published Aug 29, 2024
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code... Critical Unreviewed
CVE-2024-7720 was published Aug 27, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed
CVE-2024-45321 was published Aug 27, 2024
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15... Critical Unreviewed
CVE-2024-42634 was published Aug 16, 2024
GitHub Actions Script Injection in `ultralytics/actions` Critical
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to... Critical Unreviewed
CVE-2024-41623 was published Aug 13, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML... Critical Unreviewed
CVE-2024-37287 was published Aug 13, 2024
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-7094 was published Aug 13, 2024
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-41651 was published Aug 12, 2024
An administrator with restricted permissions can exploit the script execution functionality... Critical Unreviewed
CVE-2024-22116 was published Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API