Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

22,099 advisories

Loading
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset... Critical Unreviewed
CVE-2024-24621 was published Jul 26, 2024
Access control vulnerability in the security verification module. Impact: Successful exploitation... Critical Unreviewed
CVE-2024-39671 was published Jul 25, 2024
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is... Critical Unreviewed
CVE-2024-40422 was published Jul 24, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code... Critical Unreviewed
CVE-2024-6327 was published Jul 24, 2024
Remote command execution due to use of default passwords. The following products are affected:... Critical Unreviewed
CVE-2023-45249 was published Jul 24, 2024
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to... Critical Unreviewed
CVE-2024-38164 was published Jul 24, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-41319 was published Jul 23, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ... Critical Unreviewed
CVE-2024-6794 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that... Critical Unreviewed
CVE-2024-6793 was published Jul 22, 2024
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project... Critical Unreviewed
CVE-2024-6806 was published Jul 22, 2024
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to... Critical Unreviewed
CVE-2024-6912 was published Jul 22, 2024
Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a... Critical Unreviewed
CVE-2024-6913 was published Jul 22, 2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ... Critical Unreviewed
CVE-2024-21552 was published Jul 22, 2024
Ankitects Anki arbitrary script execution vulnerability Critical
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5... Critical Unreviewed
CVE-2024-37998 was published Jul 22, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-38773 was published Jul 22, 2024
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"... Critical Unreviewed
CVE-2024-37391 was published Jul 22, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a... Critical Unreviewed
CVE-2024-41704 was published Jul 22, 2024
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed... Critical Unreviewed
CVE-2024-41703 was published Jul 22, 2024
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel Critical Unreviewed
CVE-2024-38437 was published Jul 21, 2024
D-Link - CWE-294: Authentication Bypass by Capture-replay Critical Unreviewed
CVE-2024-38438 was published Jul 21, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of... Critical Unreviewed
CVE-2024-6636 was published Jul 20, 2024
The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a... Critical Unreviewed
CVE-2024-6205 was published Jul 19, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-0857 was published Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API