Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,326 advisories

Loading
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to... High Unreviewed
CVE-2024-8268 was published Sep 10, 2024
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url... High Unreviewed
CVE-2024-44724 was published Sep 9, 2024
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC... High Unreviewed
CVE-2024-38651 was published Sep 7, 2024
A code injection vulnerability that allows a low-privileged user with REST API access granted to... High Unreviewed
CVE-2024-39715 was published Sep 7, 2024
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0... High Unreviewed
CVE-2024-7627 was published Sep 5, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to... High Unreviewed
CVE-2024-42902 was published Sep 3, 2024
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit... High Unreviewed
CVE-2024-7345 was published Sep 3, 2024
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via... High Unreviewed
CVE-2024-8374 was published Sep 3, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2024-45346 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26324 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26322 was published Aug 28, 2024
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-7656 was published Aug 24, 2024
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1... High Unreviewed
CVE-2024-42845 was published Aug 23, 2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via... High Unreviewed
CVE-2024-42756 was published Aug 23, 2024
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below... High Unreviewed
CVE-2024-5466 was published Aug 23, 2024
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2024-7559 was published Aug 23, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that... High Unreviewed
CVE-2024-42599 was published Aug 22, 2024
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
GitHub Actions Script Injection in `ultralytics/actions` High
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command... High Unreviewed
CVE-2024-42739 was published Aug 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command... High Unreviewed
CVE-2024-42745 was published Aug 12, 2024
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote... High Unreviewed
CVE-2024-5651 was published Aug 12, 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live... High Unreviewed
CVE-2024-40487 was published Aug 12, 2024
Improper validation in a model specific register (MSR) could allow a malicious program with ring0... High Unreviewed
CVE-2023-31315 was published Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database