GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,780
Erlang: 36
GitHub Actions: 29
Go: 2,344
Maven: 5,000+
npm: 3,973
NuGet: 719
pip: 3,770
Pub: 12
RubyGems: 923
Rust: 978
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
2,535 advisories
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions...
High | Unreviewed | CVE-2024-3562 was published Jun 20, 2024

Dolibarr arbitrary file upload vulnerability
High | CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024

Badger Database Prototype Pollution
High | CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024

Xenforo before 2.2.16 allows code injection.
High | Unreviewed | CVE-2024-38458 was published Jun 16, 2024

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary...
High | Unreviewed | CVE-2024-36598 was published Jun 14, 2024

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a...
High | Unreviewed | CVE-2024-32925 was published Jun 13, 2024

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote...
High | Unreviewed | CVE-2024-5834 was published Jun 11, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in...
High | Unreviewed | CVE-2024-27857 was published Jun 10, 2024

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2022-32897 was published Jun 10, 2024

Langflow remote code execution vulnerability
High | CVE-2024-37014 was published for langflow (pip) Jun 10, 2024

Vulnerability discovered by executing a planned security audit. Improper Control of Generation...
High | Unreviewed | CVE-2024-34761 was published Jun 10, 2024

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to...
High | Unreviewed | CVE-2024-4889 was published Jun 6, 2024

Privilege Escalation & SQL Injection in TYPO3 CMS
High | GHSA-7qwg-fcpw-xg5g was published for typo3/cms (Composer) Jun 5, 2024

TYPO3 Remote Code Execution in third party library swiftmailer
High | GHSA-g4pf-3jvq-2gcw was published for typo3/cms (Composer) Jun 5, 2024

javascript-deobfuscator crafted payload can lead to code execution
High | CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024

Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High | CVE-2014-6072 was published for symfony/symfony (Composer) May 30, 2024

Code injection in the way Symfony implements translation caching in FrameworkBundle
High | CVE-2014-4931 was published for symfony/framework-bundle (Composer) May 30, 2024

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
High | CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07...
High | Unreviewed | CVE-2024-33228 was published May 22, 2024

An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition...
High | Unreviewed | CVE-2024-33225 was published May 22, 2024

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of...
High | Unreviewed | CVE-2024-21683 was published May 22, 2024

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious...
High | Unreviewed | CVE-2024-22274 was published May 21, 2024

litellm passes untrusted data to `eval` function without sanitization
High | CVE-2024-4264 was published for litellm (pip) May 18, 2024

RunGptLLM class in LlamaIndex has a command injection
High | CVE-2024-4181 was published for llama-index (pip) May 16, 2024
ProTip! Advisories are also available from the GraphQL API