Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,177 advisories

Loading
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification... Moderate Unreviewed
CVE-2024-7472 was published Oct 29, 2024
Langchain SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain (pip) Oct 29, 2024
BarrensZeppelin eyurtsev
efriis
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice Moderate
CVE-2024-48927 was published for Umbraco.Cms (NuGet) Oct 22, 2024
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP... Moderate Unreviewed
CVE-2024-25673 was published Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
D-Tale Command Execution Vulnerability Moderate
CVE-2024-8862 was published for dtale (pip) Sep 16, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. Moderate Unreviewed
CVE-2024-6702 was published Sep 12, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to... High Unreviewed
CVE-2024-43388 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43390 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43392 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43393 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the ospf service through... Moderate Unreviewed
CVE-2024-43389 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43391 was published Sep 10, 2024
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806... Moderate Unreviewed
CVE-2024-42903 was published Sep 3, 2024
A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to... Moderate Unreviewed
CVE-2024-8367 was published Sep 1, 2024
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c... Moderate Unreviewed
CVE-2024-2881 was published Aug 30, 2024
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in... Moderate Unreviewed
CVE-2024-1545 was published Aug 30, 2024
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed
CVE-2024-42914 was published Aug 23, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to... Moderate Unreviewed
CVE-2024-31882 was published Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database