GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,519 advisories
Filter by severity
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection...
High
Unreviewed
CVE-2024-6376
was published
Jul 1, 2024
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function...
Critical
Unreviewed
CVE-2024-39017
was published
Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request....
Critical
Unreviewed
CVE-2024-39015
was published
Jul 1, 2024
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function...
Moderate
Unreviewed
CVE-2024-38990
was published
Jul 1, 2024
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by...
Low
Unreviewed
CVE-2024-3995
was published
Jun 29, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Moderate
Unreviewed
CVE-2024-36075
was published
Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java...
Critical
Unreviewed
CVE-2024-39669
was published
Jun 27, 2024
An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware...
High
Unreviewed
CVE-2024-37855
was published
Jun 25, 2024
PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from...
Critical
Unreviewed
CVE-2023-50029
was published
Jun 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
Critical
Unreviewed
CVE-2024-37228
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software...
Critical
Unreviewed
CVE-2024-37109
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM...
Critical
Unreviewed
CVE-2024-5683
was published
Jun 24, 2024
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when...
Critical
Unreviewed
CVE-2024-39331
was published
Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded...
High
Unreviewed
CVE-2024-38319
was published
Jun 22, 2024
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary...
Moderate
Unreviewed
CVE-2024-33335
was published
Jun 20, 2024
XWiki Platform allows remote code execution from user account
Critical
CVE-2024-37899
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 20, 2024
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can...
Critical
Unreviewed
CVE-2024-36679
was published
Jun 19, 2024
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this...
Critical
Unreviewed
CVE-2024-37124
was published
Jun 19, 2024
A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2024-36575
was published
Jun 17, 2024
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to...
Critical
Unreviewed
CVE-2024-38396
was published
Jun 16, 2024
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is...
Critical
Unreviewed
CVE-2024-38448
was published
Jun 16, 2024
ProTip!
Advisories are also available from the
GraphQL API