Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,519 advisories

Loading
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py Critical
CVE-2024-39236 was published for Gradio (pip) Jul 1, 2024
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection... High Unreviewed
CVE-2024-6376 was published Jul 1, 2024
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed
CVE-2024-39017 was published Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request.... Critical Unreviewed
CVE-2024-39015 was published Jul 1, 2024
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function... Moderate Unreviewed
CVE-2024-38990 was published Jul 1, 2024
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-3995 was published Jun 29, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Moderate Unreviewed
CVE-2024-36075 was published Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java... Critical Unreviewed
CVE-2024-39669 was published Jun 27, 2024
An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware... High Unreviewed
CVE-2024-37855 was published Jun 25, 2024
PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from... Critical Unreviewed
CVE-2023-50029 was published Jun 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP... Critical Unreviewed
CVE-2024-37228 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software... Critical Unreviewed
CVE-2024-37109 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM... Critical Unreviewed
CVE-2024-5683 was published Jun 24, 2024
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when... Critical Unreviewed
CVE-2024-39331 was published Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded... High Unreviewed
CVE-2024-38319 was published Jun 22, 2024
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary... Moderate Unreviewed
CVE-2024-33335 was published Jun 20, 2024
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can... Critical Unreviewed
CVE-2024-36679 was published Jun 19, 2024
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this... Critical Unreviewed
CVE-2024-37124 was published Jun 19, 2024
A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-36575 was published Jun 17, 2024
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to... Critical Unreviewed
CVE-2024-38396 was published Jun 16, 2024
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is... Critical Unreviewed
CVE-2024-38448 was published Jun 16, 2024
ProTip! Advisories are also available from the GraphQL API