GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
718 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code...
Critical, Unreviewed. CVE-2024-49254 was published Oct 16, 2024

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link...
Critical, Unreviewed. CVE-2024-48168 was published Oct 14, 2024

JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical. CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024

A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary...
Critical, Unreviewed. CVE-2024-45873 was published Oct 8, 2024

A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code ...
Critical, Unreviewed. CVE-2024-45874 was published Oct 8, 2024

RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code...
Critical, Unreviewed. CVE-2024-46076 was published Oct 7, 2024

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Critical, Unreviewed. CVE-2024-45186 was published Oct 2, 2024

A condition exists in FlashArray Purity whereby an user with array admin role can execute...
Critical, Unreviewed. CVE-2024-0004 was published Sep 23, 2024

SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.
Critical, Unreviewed. CVE-2024-46103 was published Sep 20, 2024

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although...
Critical, Unreviewed. CVE-2024-46640 was published Sep 20, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww...
Critical, Unreviewed. CVE-2024-7104 was published Sep 16, 2024

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker...
Critical, Unreviewed. CVE-2024-44430 was published Sep 13, 2024

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers...
Critical, Unreviewed. CVE-2024-44466 was published Sep 11, 2024

An unauthenticated remote attacker can run malicious c# code included in curve files and execute...
Critical, Unreviewed. CVE-2024-6596 was published Sep 10, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
Critical, Unreviewed. CVE-2024-44411 was published Sep 9, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
Critical, Unreviewed. CVE-2024-44410 was published Sep 9, 2024

pyload-ng vulnerable to RCE with js2py sandbox escape
Critical. CVE-2024-39205 was published for pyload-ng (pip) Sep 9, 2024

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to...
Critical, Unreviewed. CVE-2024-39714 was published Sep 7, 2024

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code...
Critical, Unreviewed. CVE-2024-45623 was published Sep 2, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical, Unreviewed. CVE-2024-41369 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical, Unreviewed. CVE-2024-41368 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical, Unreviewed. CVE-2024-41361 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical, Unreviewed. CVE-2024-41367 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical, Unreviewed. CVE-2024-41366 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical, Unreviewed. CVE-2024-41364 was published Aug 29, 2024

ProTip! Advisories are also available from the GraphQL API.