Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,726 advisories

Loading
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue... Moderate Unreviewed
CVE-2024-8523 was published Sep 7, 2024
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0... High Unreviewed
CVE-2024-7627 was published Sep 5, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine Critical
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
@blakeembrey/template vulnerable to code injection when attacker controls template input High
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to... High Unreviewed
CVE-2024-42902 was published Sep 3, 2024
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit... High Unreviewed
CVE-2024-7345 was published Sep 3, 2024
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via... High Unreviewed
CVE-2024-8374 was published Sep 3, 2024
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-45623 was published Sep 2, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41368 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41369 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41364 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41361 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41366 was published Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2024-41367 was published Aug 29, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc.... Moderate Unreviewed
CVE-2024-43922 was published Aug 29, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26324 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2024-45346 was published Aug 28, 2024
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2023-26322 was published Aug 28, 2024
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code... Critical Unreviewed
CVE-2024-7720 was published Aug 27, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed
CVE-2024-45321 was published Aug 27, 2024
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req/v3 (Go) Aug 26, 2024
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all... High Unreviewed
CVE-2024-7656 was published Aug 24, 2024
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1... High Unreviewed
CVE-2024-42845 was published Aug 23, 2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via... High Unreviewed
CVE-2024-42756 was published Aug 23, 2024
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below... High Unreviewed
CVE-2024-5466 was published Aug 23, 2024
ProTip! Advisories are also available from the GraphQL API