Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,737 advisories

Loading
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure... Critical Unreviewed
CVE-2024-5133 was published Jun 6, 2024
Authentication bypass in dtale Critical
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its... Critical Unreviewed
CVE-2024-3234 was published Jun 6, 2024
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the... Critical Unreviewed
CVE-2024-3429 was published Jun 6, 2024
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended... Critical Unreviewed
CVE-2024-2359 was published Jun 6, 2024
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code... Critical Unreviewed
CVE-2024-2360 was published Jun 6, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows... Critical Unreviewed
CVE-2024-2362 was published Jun 6, 2024
A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui... Critical Unreviewed
CVE-2024-2624 was published Jun 6, 2024
Remote code execution in mlflow Critical
CVE-2024-0520 was published for mlflow (pip) Jun 6, 2024
Remote code execution in pytorch lightning Critical
CVE-2024-5452 was published for lightning (pip) Jun 6, 2024
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed
CVE-2024-3033 was published Jun 6, 2024
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper... Critical Unreviewed
CVE-2024-3104 was published Jun 6, 2024
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal,... Critical Unreviewed
CVE-2024-5675 was published Jun 6, 2024
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Critical Unreviewed
CVE-2024-36779 was published Jun 6, 2024
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL... Critical Unreviewed
CVE-2024-36393 was published Jun 6, 2024
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command... Critical Unreviewed
CVE-2024-36394 was published Jun 6, 2024
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all... Critical Unreviewed
CVE-2024-5153 was published Jun 6, 2024
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4009 was published Jun 5, 2024
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4008 was published Jun 5, 2024
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6... Critical Unreviewed
CVE-2024-24790 was published Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS Critical
GHSA-67wg-6j7r-mqh8 was published for typo3/cms (Composer) Jun 5, 2024
Missing Access Check in TYPO3 CMS Critical
GHSA-gwfx-p7mr-f92v was published for typo3/cms (Composer) Jun 5, 2024
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL... Critical Unreviewed
CVE-2024-4743 was published Jun 5, 2024
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via... Critical Unreviewed
CVE-2024-4295 was published Jun 5, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API