Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,973
NuGet
715
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,533 advisories

Loading
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0... High Unreviewed
CVE-2024-7627 was published Sep 5, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to... High Unreviewed
CVE-2024-42902 was published Sep 3, 2024
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit... High Unreviewed
CVE-2024-7345 was published Sep 3, 2024
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via... High Unreviewed
CVE-2024-8374 was published Sep 3, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2024-45346 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26322 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26324 was published Aug 28, 2024
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-7656 was published Aug 24, 2024
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1... High Unreviewed
CVE-2024-42845 was published Aug 23, 2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via... High Unreviewed
CVE-2024-42756 was published Aug 23, 2024
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below... High Unreviewed
CVE-2024-5466 was published Aug 23, 2024
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2024-7559 was published Aug 23, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that... High Unreviewed
CVE-2024-42599 was published Aug 22, 2024
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689  was introduced in... High Unreviewed
CVE-2024-21689 was published Aug 20, 2024
GitHub Actions Script Injection in `ultralytics/actions` High
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command... High Unreviewed
CVE-2024-42739 was published Aug 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command... High Unreviewed
CVE-2024-42745 was published Aug 12, 2024
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote... High Unreviewed
CVE-2024-5651 was published Aug 12, 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live... High Unreviewed
CVE-2024-40487 was published Aug 12, 2024
Improper validation in a model specific register (MSR) could allow a malicious program with ring0... High Unreviewed
CVE-2023-31315 was published Aug 12, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0... High Unreviewed
CVE-2023-33206 was published Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database