Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,854
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

958 advisories

Loading
A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools... Moderate Unreviewed
CVE-2024-6936 was published Jul 21, 2024
A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an... Moderate Unreviewed
CVE-2024-6940 was published Jul 21, 2024
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken... Moderate Unreviewed
CVE-2024-37405 was published Jul 12, 2024
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed
CVE-2024-40726 was published Jul 9, 2024
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed
CVE-2024-40735 was published Jul 9, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja... Moderate Unreviewed
CVE-2024-37934 was published Jul 9, 2024
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non... Moderate Unreviewed
CVE-2024-22020 was published Jul 9, 2024
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers... Moderate Unreviewed
CVE-2024-39165 was published Jul 4, 2024
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-39002 was published Jul 1, 2024
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-38990 was published Jul 1, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Moderate Unreviewed
CVE-2024-36075 was published Jun 27, 2024
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the... Moderate Unreviewed
CVE-2024-39209 was published Jun 27, 2024
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute... Moderate Unreviewed
CVE-2023-26877 was published Jun 26, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary... Moderate Unreviewed
CVE-2024-33335 was published Jun 20, 2024
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code... Moderate Unreviewed
CVE-2024-36531 was published Jun 10, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12... Moderate Unreviewed
CVE-2024-31396 was published May 22, 2024
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file... Moderate Unreviewed
CVE-2024-36078 was published May 19, 2024
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for... Moderate Unreviewed
CVE-2024-31974 was published May 17, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an... Moderate Unreviewed
CVE-2024-3044 was published May 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database