GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,298 advisories
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0...
High
Unreviewed
CVE-2023-33206
was published
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
Attackers with a valid username and password can exploit a python code injection vulnerability...
High
Unreviewed
CVE-2024-6891
was published
Aug 8, 2024
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment...
High
Unreviewed
CVE-2024-22169
was published
Aug 2, 2024
Apache Inlong Code Injection vulnerability
High
CVE-2024-36268
was published
for
org.apache.inlong:tubemq-core
(Maven)
Aug 2, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
High
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code...
High
Unreviewed
CVE-2024-6726
was published
Jul 29, 2024
OpenAM FreeMarker template injection
High
CVE-2024-41667
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jul 25, 2024
On versions before 2.1.4, a user could log in and perform a template injection attack resulting...
High
Unreviewed
CVE-2024-29178
was published
Jul 18, 2024
Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier...
High
Unreviewed
CVE-2024-29014
was published
Jul 18, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be...
High
Unreviewed
CVE-2024-6655
was published
Jul 16, 2024
setuptools vulnerable to Command Injection via package URL
High
CVE-2024-6345
was published
for
setuptools
(pip)
Jul 15, 2024
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by...
High
Unreviewed
CVE-2024-40522
was published
Jul 12, 2024
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0...
High
Unreviewed
CVE-2024-40546
was published
Jul 12, 2024
Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in...
High
Unreviewed
CVE-2024-6507
was published
Jul 4, 2024
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows...
High
Unreviewed
CVE-2024-33871
was published
Jul 3, 2024
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection...
High
Unreviewed
CVE-2024-6376
was published
Jul 1, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
High
Unreviewed
CVE-2024-36074
was published
Jun 27, 2024
An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0 firmware...
High
Unreviewed
CVE-2024-37855
was published
Jun 25, 2024
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core...
High
Unreviewed
CVE-2024-6206
was published
Jun 25, 2024
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded...
High
Unreviewed
CVE-2024-38319
was published
Jun 22, 2024
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions...
High
Unreviewed
CVE-2024-3562
was published
Jun 20, 2024