Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,791
Erlang
36
GitHub Actions
29
Go
2,371
Maven
5,000+
npm
3,998
NuGet
720
pip
3,797
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+

999 advisories

Loading
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the... Moderate Unreviewed
CVE-2024-39209 was published Jun 27, 2024
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute... Moderate Unreviewed
CVE-2023-26877 was published Jun 26, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary... Moderate Unreviewed
CVE-2024-33335 was published Jun 20, 2024
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code... Moderate Unreviewed
CVE-2024-36531 was published Jun 10, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger filipeom
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12... Moderate Unreviewed
CVE-2024-31396 was published May 22, 2024
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file... Moderate Unreviewed
CVE-2024-36078 was published May 19, 2024
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for... Moderate Unreviewed
CVE-2024-31974 was published May 17, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an... Moderate Unreviewed
CVE-2024-3044 was published May 14, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side... Moderate Unreviewed
CVE-2024-3787 was published May 14, 2024
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side... Moderate Unreviewed
CVE-2024-3788 was published May 14, 2024
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory... Moderate Unreviewed
CVE-2024-34225 was published May 14, 2024
The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows.... Moderate Unreviewed
CVE-2024-27793 was published May 14, 2024
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert... Moderate Unreviewed
CVE-2024-29209 was published May 7, 2024
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
kubevirt allows a local attacker to execute arbitrary code via a crafted command Moderate
CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) May 2, 2024
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the... Moderate Unreviewed
CVE-2024-33442 was published May 1, 2024
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows... Moderate Unreviewed
CVE-2024-32404 was published Apr 26, 2024
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug... Moderate Unreviewed
CVE-2024-20359 was published Apr 24, 2024
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute... Moderate Unreviewed
CVE-2023-51797 was published Apr 19, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2024-29991 was published Apr 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database