Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,697
Erlang
34
GitHub Actions
28
Go
2,289
Maven
5,000+
npm
3,936
NuGet
708
pip
3,706
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,421 advisories

Loading
Composio Code Injection Vulnerability Moderate
CVE-2024-8864 was published for composio-core (pip) Sep 16, 2024
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7.... Moderate Unreviewed
CVE-2024-8880 was published Sep 16, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww... Critical Unreviewed
CVE-2024-7104 was published Sep 16, 2024
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code... High Unreviewed
CVE-2024-44623 was published Sep 16, 2024
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology... High Unreviewed
CVE-2024-40125 was published Sep 19, 2024
A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected... Moderate Unreviewed
CVE-2024-9006 was published Sep 20, 2024
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. Critical Unreviewed
CVE-2024-46103 was published Sep 20, 2024
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although... Critical Unreviewed
CVE-2024-46640 was published Sep 20, 2024
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. Critical Unreviewed
CVE-2024-47219 was published Sep 22, 2024
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and... High Unreviewed
CVE-2024-40442 was published Sep 23, 2024
A condition exists in FlashArray Purity whereby an user with array admin role can execute... Critical Unreviewed
CVE-2024-0004 was published Sep 23, 2024
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute... High Unreviewed
CVE-2024-46639 was published Sep 23, 2024
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution ... Moderate Unreviewed
CVE-2024-37779 was published Sep 23, 2024
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary... High Unreviewed
CVE-2024-8623 was published Sep 24, 2024
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2024-8481 was published Sep 25, 2024
Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises... High Unreviewed
CVE-2024-6983 was published Sep 27, 2024
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical.... Moderate Unreviewed
CVE-2024-9324 was published Sep 29, 2024
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows... Moderate Unreviewed
CVE-2024-45200 was published Sep 30, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote... Low Unreviewed
CVE-2024-28811 was published Sep 30, 2024
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code... Moderate Unreviewed
CVE-2024-44744 was published Oct 1, 2024
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip... High Unreviewed
CVE-2024-46080 was published Oct 1, 2024
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. Critical Unreviewed
CVE-2024-45186 was published Oct 2, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress... Moderate Unreviewed
CVE-2024-8254 was published Oct 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database