GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
94 advisories
Filter by severity
Weblate vulnerable to improper sanitization of project backups
Moderate
CVE-2024-39303
was published
for
Weblate
(pip)
Jul 1, 2024
External Control of File Name or Path in GitHub repository stitionai/devika prior to -.
High
Unreviewed
CVE-2024-5334
was published
Jun 27, 2024
Remote Command program allows an attacker to read any file using a Local File Inclusion...
Moderate
Unreviewed
CVE-2024-27175
was published
Jun 14, 2024
Remote code execution in web server context
High
CVE-2024-37295
was published
for
aimeos/aimeos-core
(Composer)
Jun 5, 2024
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of...
High
Unreviewed
CVE-2024-20366
was published
May 15, 2024
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or...
Moderate
Unreviewed
CVE-2024-25965
was published
May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import...
High
Unreviewed
CVE-2024-27945
was published
May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected...
High
Unreviewed
CVE-2024-27944
was published
May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected...
High
Unreviewed
CVE-2024-27943
was published
May 14, 2024
A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as...
Moderate
Unreviewed
CVE-2024-4818
was published
May 14, 2024
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the...
Critical
Unreviewed
CVE-2024-0087
was published
May 14, 2024
NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a...
Moderate
Unreviewed
CVE-2024-0100
was published
May 14, 2024
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an...
Moderate
Unreviewed
CVE-2024-33860
was published
May 7, 2024
timber/timber vulnerable to Deserialization of Untrusted Data
High
CVE-2024-29800
was published
for
timber/timber
(Composer)
Apr 12, 2024
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3...
High
Unreviewed
CVE-2024-31492
was published
Apr 10, 2024
A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of...
Moderate
Unreviewed
CVE-2024-22178
was published
Apr 3, 2024
A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open...
Moderate
Unreviewed
CVE-2024-21870
was published
Apr 3, 2024
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared...
Moderate
Unreviewed
CVE-2024-2917
was published
Mar 27, 2024
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
High
CVE-2024-1603
was published
for
paddlepaddle
(pip)
Mar 23, 2024
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Moderate
CVE-2024-23634
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message...
Moderate
Unreviewed
CVE-2023-47147
was published
Mar 15, 2024
Windows Compressed Folder Tampering Vulnerability
Moderate
Unreviewed
CVE-2024-26185
was published
Mar 12, 2024
IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and...
Moderate
Unreviewed
CVE-2023-26282
was published
Mar 5, 2024
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as...
Moderate
Unreviewed
CVE-2024-2155
was published
Mar 4, 2024
ProTip!
Advisories are also available from the
GraphQL API