GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,772 advisories
Filter by severity
req may send an unintended request when a malformed URL is provided
High
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all...
High
Unreviewed
CVE-2024-7656
was published
Aug 24, 2024
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1...
High
Unreviewed
CVE-2024-42845
was published
Aug 23, 2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via...
High
Unreviewed
CVE-2024-42756
was published
Aug 23, 2024
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below...
High
Unreviewed
CVE-2024-5466
was published
Aug 23, 2024
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High
Unreviewed
CVE-2024-7559
was published
Aug 23, 2024
LlamaIndex includes an exec call for `import {cls_name}`
Critical
CVE-2024-45201
was published
for
llama-index-core
(pip)
Aug 22, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that...
High
Unreviewed
CVE-2024-42599
was published
Aug 22, 2024
squirrelly Code Injection vulnerability
High
CVE-2024-40453
was published
for
squirrelly
(npm)
Aug 21, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that...
Moderate
Unreviewed
CVE-2024-42598
was published
Aug 20, 2024
Apache Dolphinscheduler Code Injection vulnerability
Critical
CVE-2024-43202
was published
for
org.apache.dolphinscheduler:dolphinscheduler-task-api
(Maven)
Aug 20, 2024
A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue...
Moderate
Unreviewed
CVE-2024-7899
was published
Aug 17, 2024
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15...
Critical
Unreviewed
CVE-2024-42634
was published
Aug 16, 2024
GitHub Actions Script Injection in `ultralytics/actions`
Critical
GHSA-7x29-qqmq-v6qc
was published
for
ultralytics/actions
(GitHub Actions)
Aug 14, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42739
was published
Aug 13, 2024
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to...
Critical
Unreviewed
CVE-2024-41623
was published
Aug 13, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML...
Critical
Unreviewed
CVE-2024-37287
was published
Aug 13, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table...
Moderate
Unreviewed
CVE-2024-43128
was published
Aug 13, 2024
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-7094
was published
Aug 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42745
was published
Aug 12, 2024
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-41651
was published
Aug 12, 2024
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote...
High
Unreviewed
CVE-2024-5651
was published
Aug 12, 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live...
High
Unreviewed
CVE-2024-40487
was published
Aug 12, 2024
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due...
Low
Unreviewed
CVE-2024-22123
was published
Aug 12, 2024
An administrator with restricted permissions can exploit the script execution functionality...
Critical
Unreviewed
CVE-2024-22116
was published
Aug 12, 2024
ProTip!
Advisories are also available from the
GraphQL API