GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (count per ecosystem)
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
22,389 advisories
rejetto HFS vulnerable to OS Command Execution by remote authenticated users. Critical. CVE-2024-39943 was published for hfs (npm) on Jul 5, 2024.
StringIO buffer overread vulnerability. Critical. CVE-2024-27280 was published for stringio (RubyGems) on Mar 25, 2024.
LocalAI Command Injection in audioToWav. Critical. CVE-2024-2029 was published for github.com/go-skynet/LocalAI (Go) on Apr 10, 2024.
Moby Docker cp broken with debian containers. Critical. CVE-2019-14271 was published for github.com/docker/docker (Go) on May 24, 2022.
It was possible for a web extension with minimal permissions to create a `StreamFilter` which... Critical (Unreviewed). CVE-2024-7525 was published on Aug 6, 2024.
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a... Critical (Unreviewed). CVE-2024-28739 was published on Aug 6, 2024.
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability... Critical (Unreviewed). CVE-2024-7521 was published on Aug 6, 2024.
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote... Critical (Unreviewed). CVE-2024-7003 was published on Aug 6, 2024.
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5... Critical (Unreviewed). CVE-2020-22657 was published on Jan 20, 2023.
There is a vulnerability in the AP Certificate Management Service which could allow a threat... Critical (Unreviewed). CVE-2024-42395 was published on Aug 6, 2024.
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical (Unreviewed). CVE-2024-42393 was published on Aug 6, 2024.
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5... Critical (Unreviewed). CVE-2020-22654 was published on Jan 20, 2023.
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5... Critical (Unreviewed). CVE-2020-22658 was published on Jan 20, 2023.
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5... Critical (Unreviewed). CVE-2020-22653 was published on Jan 20, 2023.
Lektor does not sanitize database path traversal. Critical. CVE-2024-28335 was published for Lektor (pip) on Mar 27, 2024.
LangChain Experimental vulnerable to arbitrary code execution. Critical. CVE-2024-27444 was published for langchain-experimental (pip) on Feb 26, 2024.
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote... Critical (Unreviewed). CVE-2023-48901 was published on Mar 21, 2024.
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). Critical (Unreviewed). CVE-2023-45927 was published on Mar 27, 2024.
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src... Critical (Unreviewed). CVE-2024-29684 was published on Mar 26, 2024.
libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function... Critical (Unreviewed). CVE-2024-35326 was published on Jun 13, 2024.
SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an... Critical (Unreviewed). CVE-2024-40498 was published on Aug 5, 2024.
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v... Critical (Unreviewed). CVE-2024-40530 was published on Aug 5, 2024.
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can... Critical (Unreviewed). CVE-2024-25735 was published on Mar 27, 2024.
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE)... Critical (Unreviewed). CVE-2024-25293 was published on Mar 1, 2024.
An XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved... Critical (Unreviewed). CVE-2024-25413 was published on Feb 16, 2024.
ProTip! Advisories are also available from the GraphQL API.