Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,967
Maven
5,000+
npm
4,614
NuGet
788
pip
4,315
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

4,886 advisories

Loading
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue... Moderate Unreviewed
CVE-2024-8523 was published Sep 7, 2024
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code.... Moderate Unreviewed
CVE-2023-39333 was published Sep 7, 2024
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC... High Unreviewed
CVE-2024-38651 was published Sep 7, 2024
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to... Critical Unreviewed
CVE-2024-39714 was published Sep 7, 2024
A code injection vulnerability that allows a low-privileged user with REST API access granted to... High Unreviewed
CVE-2024-39715 was published Sep 7, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape Critical
CVE-2024-39205 was published for pyload-ng (pip) Sep 9, 2024
Marven11
Credited to Marven11
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url... High Unreviewed
CVE-2024-44724 was published Sep 9, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed
CVE-2024-44410 was published Sep 9, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Critical Unreviewed
CVE-2024-44411 was published Sep 9, 2024
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2024-8478 was published Sep 10, 2024
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to... High Unreviewed
CVE-2024-8268 was published Sep 10, 2024
An unauthenticated remote attacker can run malicious c# code included in curve files and execute... Critical Unreviewed
CVE-2024-6596 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43392 was published Sep 10, 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to... High Unreviewed
CVE-2024-43388 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43390 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the ospf service through... Moderate Unreviewed
CVE-2024-43389 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43393 was published Sep 10, 2024
A low privileged remote attacker can perform configuration changes of the firewall services,... Moderate Unreviewed
CVE-2024-43391 was published Sep 10, 2024
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options... Low Unreviewed
CVE-2024-8258 was published Sep 10, 2024
Azure CycleCloud Remote Code Execution Vulnerability High Unreviewed
CVE-2024-43469 was published Sep 10, 2024
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed
CVE-2024-44466 was published Sep 11, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45850 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45846 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45848 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45849 was published for mindsdb (pip) Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database