GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,955
Composer 4,274
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,836

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

501 advisories

Filter by severity

Sort by

Least recently updated

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww... Critical Unreviewed

CVE-2024-7104 was published Sep 16, 2024

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker... Critical Unreviewed

CVE-2024-44430 was published Sep 13, 2024

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed

CVE-2024-44466 was published Sep 11, 2024

An unauthenticated remote attacker can run malicious c# code included in curve files and execute... Critical Unreviewed

CVE-2024-6596 was published Sep 10, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Critical Unreviewed

CVE-2024-44411 was published Sep 9, 2024

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed

CVE-2024-44410 was published Sep 9, 2024

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to... Critical Unreviewed

CVE-2024-39714 was published Sep 7, 2024

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code... Critical Unreviewed

CVE-2024-45623 was published Sep 2, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed

CVE-2024-41369 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed

CVE-2024-41368 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed

CVE-2024-41367 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed

CVE-2024-41364 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed

CVE-2024-41361 was published Aug 29, 2024

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed

CVE-2024-41366 was published Aug 29, 2024

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code... Critical Unreviewed

CVE-2024-7720 was published Aug 27, 2024

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed

CVE-2024-45321 was published Aug 27, 2024

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed

CVE-2024-6386 was published Aug 21, 2024

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15... Critical Unreviewed

CVE-2024-42634 was published Aug 16, 2024

An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to... Critical Unreviewed

CVE-2024-41623 was published Aug 13, 2024

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML... Critical Unreviewed

CVE-2024-37287 was published Aug 13, 2024

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to... Critical Unreviewed

CVE-2024-7094 was published Aug 13, 2024

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via... Critical Unreviewed

CVE-2024-41651 was published Aug 12, 2024

An administrator with restricted permissions can exploit the script execution functionality... Critical Unreviewed

CVE-2024-22116 was published Aug 12, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed

CVE-2024-42393 was published Aug 6, 2024

Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v... Critical Unreviewed

CVE-2024-40530 was published Aug 5, 2024

Previous 1 2 3 4 5 … 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

501 advisories