Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

716 advisories

Loading
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and... Critical Unreviewed
CVE-2024-6386 was published Aug 21, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15... Critical Unreviewed
CVE-2024-42634 was published Aug 16, 2024
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to... Critical Unreviewed
CVE-2024-41623 was published Aug 13, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML... Critical Unreviewed
CVE-2024-37287 was published Aug 13, 2024
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-7094 was published Aug 13, 2024
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-41651 was published Aug 12, 2024
An administrator with restricted permissions can exploit the script execution functionality... Critical Unreviewed
CVE-2024-22116 was published Aug 12, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed
CVE-2024-42393 was published Aug 6, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally Critical
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v... Critical Unreviewed
CVE-2024-40530 was published Aug 5, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet Critical
CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2024-41468 was published Jul 26, 2024
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-38944 was published Jul 22, 2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ... Critical Unreviewed
CVE-2024-21552 was published Jul 22, 2024
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a... Critical Unreviewed
CVE-2024-39962 was published Jul 19, 2024
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the... Critical Unreviewed
CVE-2024-36456 was published Jul 15, 2024
langchain-experimental vulnerable to Arbitrary Code Execution Critical
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The... Critical Unreviewed
CVE-2024-25077 was published Jul 10, 2024
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the... Critical Unreviewed
CVE-2024-37770 was published Jul 10, 2024
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. Critical Unreviewed
CVE-2024-39071 was published Jul 9, 2024
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to... Critical Unreviewed
CVE-2024-38346 was published Jul 5, 2024
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for github.com/gogs/gogs (Go) Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database