GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
240,683 advisories

pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical | CVE-2024-5980 was published for lightning (pip) | Jun 27, 2024

lollms vulnerable to dot-dot-slash path traversal in XTTS server
High | CVE-2024-6139 was published for lollms (pip) | Jun 27, 2024

h2o vulnerable to unexpected POST request shutting down server
High | CVE-2024-5979 was published for h2o (pip) | Jun 27, 2024

lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
High | CVE-2024-5824 was published for lollms (pip) | Jun 27, 2024

vanna vulnerable to remote code execution caused by prompt injection
Critical | CVE-2024-5826 was published for vanna (pip) | Jun 27, 2024

This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the...
High | Unreviewed | CVE-2024-4578 was published | Jun 27, 2024

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with...
High | Unreviewed | CVE-2024-5714 was published | Jun 27, 2024

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of...
High | Unreviewed | CVE-2024-5822 was published | Jun 27, 2024

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot...
Moderate | Unreviewed | CVE-2024-5755 was published | Jun 27, 2024

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms...
Moderate | Unreviewed | CVE-2024-5933 was published | Jun 27, 2024

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The...
High | Unreviewed | CVE-2024-5885 was published | Jun 27, 2024

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper...
Moderate | Unreviewed | CVE-2024-5936 was published | Jun 27, 2024

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in...
High | Unreviewed | CVE-2024-6250 was published | Jun 27, 2024

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of...
High | Unreviewed | CVE-2024-6038 was published | Jun 27, 2024

In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can...
Moderate | Unreviewed | CVE-2024-6086 was published | Jun 27, 2024

VMware Workspace One UEM update addresses an information exposure vulnerability. A malicious...
Moderate | Unreviewed | CVE-2024-22260 was published | Jun 27, 2024

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing...
High | Unreviewed | CVE-2024-6090 was published | Jun 27, 2024

Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of...
Unknown | Unreviewed | CVE-2024-39133 was published | Jun 27, 2024

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows...
Moderate | Unreviewed | CVE-2024-5935 was published | Jun 27, 2024

A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial...
Unknown | Unreviewed | CVE-2024-39130 was published | Jun 27, 2024

Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of...
Unknown | Unreviewed | CVE-2024-39129 was published | Jun 27, 2024

lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
Unknown | Unreviewed | CVE-2024-39207 was published | Jun 27, 2024

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
Unknown | Unreviewed | CVE-2024-39208 was published | Jun 27, 2024

VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information...
Moderate | Unreviewed | CVE-2024-22276 was published | Jun 27, 2024

ProTip! Advisories are also available from the GraphQL API.