Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,750 advisories

Loading
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress... Critical Unreviewed
CVE-2024-6172 was published Jul 2, 2024
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs.... Critical Unreviewed
CVE-2023-41918 was published Jul 2, 2024
Inadequate input validation exposes the system to potential remote code execution (RCE) risks.... Critical Unreviewed
CVE-2023-41917 was published Jul 2, 2024
A vulnerability allows attackers to download source code or an executable from a remote location... Critical Unreviewed
CVE-2023-41921 was published Jul 2, 2024
The vulnerability allows attackers access to the root account without having to authenticate.... Critical Unreviewed
CVE-2023-41920 was published Jul 2, 2024
Hardcoded credentials are discovered within the application's source code, creating a potential... Critical Unreviewed
CVE-2023-41919 was published Jul 2, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability Critical
CVE-2024-39309 was published for parse-server (npm) Jul 1, 2024
mtrezza
Session Middleware Token Injection Vulnerability Critical
CVE-2024-38513 was published for github.com/gofiber/fiber (Go) Jul 1, 2024
sixcolors
The N-central server is vulnerable to an authentication bypass of the user interface. This... Critical Unreviewed
CVE-2024-28200 was published Jul 1, 2024
The N-central server is vulnerable to session rebinding of already authenticated users when using... Critical Unreviewed
CVE-2024-5322 was published Jul 1, 2024
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x... Critical Unreviewed
CVE-2023-42464 was published Sep 20, 2023
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An... Critical Unreviewed
CVE-2024-6425 was published Jul 1, 2024
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a... Critical Unreviewed
CVE-2024-6424 was published Jul 1, 2024
Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -. Critical Unreviewed
CVE-2024-5926 was published Jun 30, 2024
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin... Critical Unreviewed
CVE-2024-6265 was published Jun 29, 2024
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web... Critical Unreviewed
CVE-2024-5827 was published Jun 29, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
protobufjs Prototype Pollution vulnerability Critical
CVE-2023-36665 was published for protobufjs (npm) Jul 5, 2023
fhoeben stephengroat
PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed
CVE-2024-6071 was published Jun 28, 2024
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
Apache Tomcat Improper Access Control vulnerability Critical
CVE-2016-8735 was published for org.apache.tomcat:tomcat-catalina (Maven) May 13, 2022
sunSUNQ westonsteimel
liususan091219
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search... Critical Unreviewed
CVE-2021-44026 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API