GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,956 advisories
Filter by severity
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series
v <...
Critical
Unreviewed
CVE-2024-6209
was published
Jul 5, 2024
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on...
Critical
Unreviewed
CVE-2024-6298
was published
Jul 5, 2024
rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command...
Critical
Unreviewed
CVE-2024-39943
was published
Jul 5, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go,...
Critical
Unreviewed
CVE-2024-39930
was published
Jul 4, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry...
Critical
Unreviewed
CVE-2024-37082
was published
Jul 3, 2024
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection...
Critical
Unreviewed
CVE-2024-3816
was published
Jul 3, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows...
Critical
Unreviewed
CVE-2024-39704
was published
Jul 3, 2024
mySCADA myPRO
uses a hard-coded password which could allow an attacker to remotely execute code...
Critical
Unreviewed
CVE-2024-4708
was published
Jul 3, 2024
Under certain circumstances the web interface will accept characters unrelated to the expected...
Critical
Unreviewed
CVE-2024-32755
was published
Jul 2, 2024
A vulnerability allows attackers to download source code or an executable from a remote location...
Critical
Unreviewed
CVE-2023-41921
was published
Jul 2, 2024
The vulnerability allows attackers access to the root account without having to authenticate....
Critical
Unreviewed
CVE-2023-41920
was published
Jul 2, 2024
Hardcoded credentials are discovered within the application's source code, creating a potential...
Critical
Unreviewed
CVE-2023-41919
was published
Jul 2, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical
Unreviewed
CVE-2024-6172
was published
Jul 2, 2024
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs....
Critical
Unreviewed
CVE-2023-41918
was published
Jul 2, 2024
Inadequate input validation exposes the system to potential remote code execution (RCE) risks....
Critical
Unreviewed
CVE-2023-41917
was published
Jul 2, 2024
The N-central server is vulnerable to session rebinding of already authenticated users when using...
Critical
Unreviewed
CVE-2024-5322
was published
Jul 1, 2024
The N-central server is vulnerable to an authentication bypass of the user interface. This...
Critical
Unreviewed
CVE-2024-28200
was published
Jul 1, 2024
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
Session Middleware Token Injection Vulnerability
Critical
CVE-2024-38513
was published
for
github.com/gofiber/fiber
(Go)
Jul 1, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Critical
CVE-2024-39309
was published
for
parse-server
(npm)
Jul 1, 2024
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a...
Critical
Unreviewed
CVE-2024-6424
was published
Jul 1, 2024
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An...
Critical
Unreviewed
CVE-2024-6425
was published
Jul 1, 2024
ProTip!
Advisories are also available from the
GraphQL API