GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
735 advisories
Filter by severity
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in...
Critical
Unreviewed
CVE-2024-21576
was published
Dec 13, 2024
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()...
Critical
Unreviewed
CVE-2024-21577
was published
Dec 13, 2024
The issue stems from a missing validation of the pip field in a POST request sent to the ...
Critical
Unreviewed
CVE-2024-21574
was published
Dec 12, 2024
From the VSPC management agent machine, under condition that the management agent is authorized...
Critical
Unreviewed
CVE-2024-42448
was published
Dec 12, 2024
Angular Expressions - Remote Code Execution when using locals
Critical
CVE-2024-54152
was published
for
angular-expressions
(npm)
Dec 10, 2024
Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php...
Critical
Unreviewed
CVE-2022-38946
was published
Dec 9, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro...
Critical
Unreviewed
CVE-2024-51815
was published
Dec 6, 2024
Improper Input Validation vulnerability allows Remote Code Execution.
Affected products:
ABB...
Critical
Unreviewed
CVE-2024-48839
was published
Dec 5, 2024
Unauthorized Access vulnerabilities allow Remote Code Execution.
Affected products:
ABB ASPECT...
Critical
Unreviewed
CVE-2024-48840
was published
Dec 5, 2024
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the...
Critical
Unreviewed
CVE-2024-48453
was published
Dec 4, 2024
hull.js Code Injection Vulnerability
Critical
GHSA-q849-wxrc-vqrp
was published
for
hull.js
(npm)
Dec 2, 2024
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the...
Critical
Unreviewed
CVE-2024-36622
was published
Nov 29, 2024
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is...
Critical
Unreviewed
CVE-2024-8672
was published
Nov 28, 2024
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at...
Critical
Unreviewed
CVE-2024-53920
was published
Nov 27, 2024
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID...
Critical
Unreviewed
CVE-2024-53604
was published
Nov 27, 2024
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in...
Critical
Unreviewed
CVE-2024-52959
was published
Nov 27, 2024
An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard...
Critical
Unreviewed
CVE-2024-51367
was published
Nov 21, 2024
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm...
Critical
Unreviewed
CVE-2024-52765
was published
Nov 20, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of...
Critical
Unreviewed
CVE-2024-10094
was published
Nov 20, 2024
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of...
Critical
Unreviewed
CVE-2024-50919
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso...
Critical
Unreviewed
CVE-2024-52427
was published
Nov 18, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic...
Critical
Unreviewed
CVE-2024-52434
was published
Nov 18, 2024
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP...
Critical
Unreviewed
CVE-2024-44758
was published
Nov 15, 2024
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of...
Critical
Unreviewed
CVE-2024-50636
was published
Nov 12, 2024
The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for...
Critical
Unreviewed
CVE-2024-46962
was published
Nov 11, 2024
ProTip!
Advisories are also available from the
GraphQL API