Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

240,683 advisories

Loading
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical
CVE-2024-5980 was published for lightning (pip) Jun 27, 2024
lollms vulnerable to dot-dot-slash path traversal in XTTS server High
CVE-2024-6139 was published for lollms (pip) Jun 27, 2024
h2o vulnerable to unexpected POST request shutting down server High
CVE-2024-5979 was published for h2o (pip) Jun 27, 2024
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE High
CVE-2024-5824 was published for lollms (pip) Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the... High Unreviewed
CVE-2024-4578 was published Jun 27, 2024
Missing Authorization in stitionai/devika High Unreviewed
CVE-2024-5820 was published Jun 27, 2024
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with... High Unreviewed
CVE-2024-5714 was published Jun 27, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of... High Unreviewed
CVE-2024-5822 was published Jun 27, 2024
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot... Moderate Unreviewed
CVE-2024-5755 was published Jun 27, 2024
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms... Moderate Unreviewed
CVE-2024-5933 was published Jun 27, 2024
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The... High Unreviewed
CVE-2024-5885 was published Jun 27, 2024
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper... Moderate Unreviewed
CVE-2024-5936 was published Jun 27, 2024
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in... High Unreviewed
CVE-2024-6250 was published Jun 27, 2024
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of... High Unreviewed
CVE-2024-6038 was published Jun 27, 2024
In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can... Moderate Unreviewed
CVE-2024-6086 was published Jun 27, 2024
VMware Workspace One UEM update addresses an information exposure vulnerability.  A malicious... Moderate Unreviewed
CVE-2024-22260 was published Jun 27, 2024
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing... High Unreviewed
CVE-2024-6090 was published Jun 27, 2024
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of... Unknown Unreviewed
CVE-2024-39133 was published Jun 27, 2024
A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows... Moderate Unreviewed
CVE-2024-5935 was published Jun 27, 2024
A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial... Unknown Unreviewed
CVE-2024-39130 was published Jun 27, 2024
Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of... Unknown Unreviewed
CVE-2024-39129 was published Jun 27, 2024
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. Unknown Unreviewed
CVE-2024-39207 was published Jun 27, 2024
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. Unknown Unreviewed
CVE-2024-39208 was published Jun 27, 2024
VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information... Moderate Unreviewed
CVE-2024-22276 was published Jun 27, 2024
ProTip! Advisories are also available from the GraphQL API