Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

775 advisories

Loading
A condition exists in FlashArray Purity whereby an user with array admin role can execute... Critical Unreviewed
CVE-2024-0004 was published Sep 23, 2024
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although... Critical Unreviewed
CVE-2024-46640 was published Sep 20, 2024
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. Critical Unreviewed
CVE-2024-46103 was published Sep 20, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww... Critical Unreviewed
CVE-2024-7104 was published Sep 16, 2024
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker... Critical Unreviewed
CVE-2024-44430 was published Sep 13, 2024
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers... Critical Unreviewed
CVE-2024-44466 was published Sep 11, 2024
An unauthenticated remote attacker can run malicious c# code included in curve files and execute... Critical Unreviewed
CVE-2024-6596 was published Sep 10, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Critical Unreviewed
CVE-2024-44411 was published Sep 9, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Critical Unreviewed
CVE-2024-44410 was published Sep 9, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape Critical
CVE-2024-39205 was published for pyload-ng (pip) Sep 9, 2024
Marven11
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to... Critical Unreviewed
CVE-2024-39714 was published Sep 7, 2024
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-45623 was published Sep 2, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41369 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41368 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41361 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41367 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41366 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41364 was published Aug 29, 2024
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code... Critical Unreviewed
CVE-2024-7720 was published Aug 27, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed
CVE-2024-45321 was published Aug 27, 2024
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed
CVE-2024-6386 was published Aug 21, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15... Critical Unreviewed
CVE-2024-42634 was published Aug 16, 2024
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to... Critical Unreviewed
CVE-2024-41623 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database