GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,325 advisories
Filter by severity
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url...
High
Unreviewed
CVE-2024-44724
was published
Sep 9, 2024
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC...
High
Unreviewed
CVE-2024-38651
was published
Sep 7, 2024
A code injection vulnerability that allows a low-privileged user with REST API access granted to...
High
Unreviewed
CVE-2024-39715
was published
Sep 7, 2024
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0...
High
Unreviewed
CVE-2024-7627
was published
Sep 5, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
High
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to...
High
Unreviewed
CVE-2024-42902
was published
Sep 3, 2024
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit...
High
Unreviewed
CVE-2024-7345
was published
Sep 3, 2024
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via...
High
Unreviewed
CVE-2024-8374
was published
Sep 3, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This...
High
Unreviewed
CVE-2024-45346
was published
Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This...
High
Unreviewed
CVE-2023-26322
was published
Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This...
High
Unreviewed
CVE-2023-26324
was published
Aug 28, 2024
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all...
High
Unreviewed
CVE-2024-7656
was published
Aug 24, 2024
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1...
High
Unreviewed
CVE-2024-42845
was published
Aug 23, 2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via...
High
Unreviewed
CVE-2024-42756
was published
Aug 23, 2024
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below...
High
Unreviewed
CVE-2024-5466
was published
Aug 23, 2024
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
High
Unreviewed
CVE-2024-7559
was published
Aug 23, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that...
High
Unreviewed
CVE-2024-42599
was published
Aug 22, 2024
squirrelly Code Injection vulnerability
High
CVE-2024-40453
was published
for
squirrelly
(npm)
Aug 21, 2024
GitHub Actions Script Injection in `ultralytics/actions`
High
GHSA-7x29-qqmq-v6qc
was published
for
ultralytics/actions
(GitHub Actions)
Aug 14, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42739
was published
Aug 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command...
High
Unreviewed
CVE-2024-42745
was published
Aug 12, 2024
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote...
High
Unreviewed
CVE-2024-5651
was published
Aug 12, 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live...
High
Unreviewed
CVE-2024-40487
was published
Aug 12, 2024
Improper validation in a model specific register (MSR) could allow a malicious program with ring0...
High
Unreviewed
CVE-2023-31315
was published
Aug 12, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0...
High
Unreviewed
CVE-2023-33206
was published
Aug 8, 2024
ProTip!
Advisories are also available from the
GraphQL API