GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,018
Composer 4,300
Erlang 31
GitHub Actions 21
Go 2,069
Maven 5,241
npm 3,744
NuGet 668
pip 3,429
Pub 12
RubyGems 892
Rust 880
Swift 36

Unreviewed advisories

All unreviewed 240,525

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

510 advisories

Filter by severity

Sort by

Least recently updated

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15... Critical Unreviewed

CVE-2024-42634 was published Aug 16, 2024

An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to... Critical Unreviewed

CVE-2024-41623 was published Aug 13, 2024

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML... Critical Unreviewed

CVE-2024-37287 was published Aug 13, 2024

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to... Critical Unreviewed

CVE-2024-7094 was published Aug 13, 2024

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via... Critical Unreviewed

CVE-2024-41651 was published Aug 12, 2024

An administrator with restricted permissions can exploit the script execution functionality... Critical Unreviewed

CVE-2024-22116 was published Aug 12, 2024

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed

CVE-2024-42393 was published Aug 6, 2024

Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v... Critical Unreviewed

CVE-2024-40530 was published Aug 5, 2024

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the... Critical Unreviewed

CVE-2024-41468 was published Jul 26, 2024

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute... Critical Unreviewed

CVE-2024-38944 was published Jul 22, 2024

All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ... Critical Unreviewed

CVE-2024-21552 was published Jul 22, 2024

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a... Critical Unreviewed

CVE-2024-39962 was published Jul 19, 2024

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the... Critical Unreviewed

CVE-2024-36456 was published Jul 15, 2024

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The... Critical Unreviewed

CVE-2024-25077 was published Jul 10, 2024

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the... Critical Unreviewed

CVE-2024-37770 was published Jul 10, 2024

Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. Critical Unreviewed

CVE-2024-39071 was published Jul 9, 2024

The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to... Critical Unreviewed

CVE-2024-38346 was published Jul 5, 2024

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Critical Unreviewed

CVE-2024-39844 was published Jul 3, 2024

agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed

CVE-2024-39017 was published Jul 1, 2024

cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request.... Critical Unreviewed

CVE-2024-39015 was published Jul 1, 2024

In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java... Critical Unreviewed

CVE-2024-39669 was published Jun 27, 2024

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from... Critical Unreviewed

CVE-2023-50029 was published Jun 25, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software... Critical Unreviewed

CVE-2024-37109 was published Jun 24, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP... Critical Unreviewed

CVE-2024-37228 was published Jun 24, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM... Critical Unreviewed

CVE-2024-5683 was published Jun 24, 2024

Previous 1 2 3 4 5 6 … 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

510 advisories