Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

781 advisories

Loading
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed
CVE-2024-39017 was published Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request.... Critical Unreviewed
CVE-2024-39015 was published Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java... Critical Unreviewed
CVE-2024-39669 was published Jun 27, 2024
PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from... Critical Unreviewed
CVE-2023-50029 was published Jun 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software... Critical Unreviewed
CVE-2024-37109 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP... Critical Unreviewed
CVE-2024-37228 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM... Critical Unreviewed
CVE-2024-5683 was published Jun 24, 2024
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when... Critical Unreviewed
CVE-2024-39331 was published Jun 24, 2024
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can... Critical Unreviewed
CVE-2024-36679 was published Jun 19, 2024
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this... Critical Unreviewed
CVE-2024-37124 was published Jun 19, 2024
A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-36575 was published Jun 17, 2024
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to... Critical Unreviewed
CVE-2024-38396 was published Jun 16, 2024
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is... Critical Unreviewed
CVE-2024-38448 was published Jun 16, 2024
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus... Critical Unreviewed
CVE-2024-38395 was published Jun 16, 2024
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to... Critical Unreviewed
CVE-2024-37849 was published Jun 13, 2024
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the... Critical Unreviewed
CVE-2024-1577 was published Jun 12, 2024
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could... Critical Unreviewed
CVE-2024-34405 was published Jun 11, 2024
Arbitrary Code Execution in TYPO3 CMS Critical
GHSA-67wg-6j7r-mqh8 was published for typo3/cms (Composer) Jun 5, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks... Critical Unreviewed
CVE-2024-25600 was published Jun 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database