GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
2,376 advisories
Filter by severity
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that...
High
Unreviewed
CVE-2024-42599
was published
Aug 22, 2024
squirrelly Code Injection vulnerability
High
CVE-2024-40453
was published
for
squirrelly
(npm)
Aug 21, 2024
GitHub Actions Script Injection in `ultralytics/actions`
High
GHSA-7x29-qqmq-v6qc
was published
for
ultralytics/actions
(GitHub Actions)
Aug 14, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42739
was published
Aug 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42745
was published
Aug 12, 2024
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote...
High
Unreviewed
CVE-2024-5651
was published
Aug 12, 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live...
High
Unreviewed
CVE-2024-40487
was published
Aug 12, 2024
Improper validation in a model specific register (MSR) could allow a malicious program with ring0...
High
Unreviewed
CVE-2023-31315
was published
Aug 12, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0...
High
Unreviewed
CVE-2023-33206
was published
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
Attackers with a valid username and password can exploit a python code injection vulnerability...
High
Unreviewed
CVE-2024-6891
was published
Aug 8, 2024
WD Discovery
versions prior to 5.0.589 contain a misconfiguration in the Node.js environment...
High
Unreviewed
CVE-2024-22169
was published
Aug 2, 2024
Apache Inlong Code Injection vulnerability
High
CVE-2024-36268
was published
for
org.apache.inlong:tubemq-core
(Maven)
Aug 2, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
High
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code...
High
Unreviewed
CVE-2024-6726
was published
Jul 29, 2024
OpenAM FreeMarker template injection
High
CVE-2024-41667
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jul 25, 2024
Apache StreamPark: FreeMarker SSTI RCE Vulnerability
High
CVE-2024-29178
was published
for
org.apache.streampark:streampark
(Maven)
Jul 18, 2024
Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier...
High
Unreviewed
CVE-2024-29014
was published
Jul 18, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be...
High
Unreviewed
CVE-2024-6655
was published
Jul 16, 2024
setuptools vulnerable to Command Injection via package URL
High
CVE-2024-6345
was published
for
setuptools
(pip)
Jul 15, 2024
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by...
High
Unreviewed
CVE-2024-40522
was published
Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0...
High
Unreviewed
CVE-2024-40546
was published
Jul 12, 2024
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in...
High
Unreviewed
CVE-2024-6507
was published
Jul 4, 2024
ProTip!
Advisories are also available from the
GraphQL API