GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
720 advisories
CVE-2024-37770 (Critical, unreviewed; published Jul 10, 2024): 14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the...
CVE-2024-39071 (Critical, unreviewed; published Jul 9, 2024): Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.
CVE-2024-38346 (Critical, unreviewed; published Jul 5, 2024): The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to...
CVE-2024-39932 (Critical, reviewed; published Jul 4, 2024 for github.com/gogs/gogs, Go): Gogs allows argument injection during the previewing of changes
CVE-2024-39844 (Critical, unreviewed; published Jul 3, 2024): In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
CVE-2024-39236 (Critical, reviewed; published Jul 1, 2024 for Gradio, pip): Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
CVE-2024-36401 (Critical, reviewed; published Jul 1, 2024 for org.geoserver.web:gs-web-app, Maven): Remote Code Execution (RCE) vulnerability in geoserver
CVE-2024-39017 (Critical, unreviewed; published Jul 1, 2024): agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function...
CVE-2024-39015 (Critical, unreviewed; published Jul 1, 2024): cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request....
CVE-2024-38993 (Critical, reviewed, withdrawn; published Jul 1, 2024 for jsonic, npm): jsonic was discovered to contain a prototype pollution via the function empty.
CVE-2024-5751 (Critical, reviewed; published Jun 27, 2024 for litellm, pip): litellm vulnerable to remote code execution based on using eval unsafely
CVE-2024-5826 (Critical, reviewed; published Jun 27, 2024 for vanna, pip): vanna vulnerable to remote code execution caused by prompt injection
CVE-2024-39669 (Critical, unreviewed; published Jun 27, 2024): In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java...
CVE-2023-50029 (Critical, unreviewed; published Jun 25, 2024): PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from...
CVE-2024-37228 (Critical, unreviewed; published Jun 24, 2024): Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
CVE-2024-37109 (Critical, unreviewed; published Jun 24, 2024): Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software...
CVE-2024-5683 (Critical, unreviewed; published Jun 24, 2024): Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM...
CVE-2024-39331 (Critical, unreviewed; published Jun 24, 2024): In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when...
CVE-2024-37899 (Critical, reviewed; published Jun 20, 2024 for org.xwiki.platform:xwiki-platform-oldcore, Maven): XWiki Platform allows remote code execution from user account
CVE-2024-36679 (Critical, unreviewed; published Jun 19, 2024): In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can...
CVE-2024-37124 (Critical, unreviewed; published Jun 19, 2024): Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this...
CVE-2024-36575 (Critical, unreviewed; published Jun 17, 2024): A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via...
CVE-2024-38396 (Critical, unreviewed; published Jun 16, 2024): An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to...
CVE-2024-38448 (Critical, unreviewed; published Jun 16, 2024): htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is...
CVE-2024-38395 (Critical, unreviewed; published Jun 16, 2024): In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus...