GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,370
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,749
Maven 4,978
npm 3,509
NuGet 609
pip 3,084
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,313

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

21,737 advisories

Filter by severity

Sort by

Least recently updated

Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -. Critical Unreviewed

CVE-2024-5926 was published Jun 30, 2024

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin... Critical Unreviewed

CVE-2024-6265 was published Jun 29, 2024

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web... Critical Unreviewed

CVE-2024-5827 was published Jun 29, 2024

PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed

CVE-2024-6071 was published Jun 28, 2024

litellm vulnerable to remote code execution based on using eval unsafely Critical

CVE-2024-5751 was published for litellm (pip) Jun 27, 2024

pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint Critical

CVE-2024-5980 was published for lightning (pip) Jun 27, 2024

vanna vulnerable to remote code execution caused by prompt injection Critical

CVE-2024-5826 was published for vanna (pip) Jun 27, 2024

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote... Critical Unreviewed

CVE-2024-6127 was published Jun 27, 2024

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks... Critical Unreviewed

CVE-2024-2973 was published Jun 27, 2024

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS... Critical Unreviewed

CVE-2024-3330 was published Jun 27, 2024

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics... Critical Unreviewed

CVE-2024-0947 was published Jun 27, 2024

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission... Critical Unreviewed

CVE-2024-0949 was published Jun 27, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11... Critical Unreviewed

CVE-2024-5655 was published Jun 27, 2024

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL... Critical Unreviewed

CVE-2024-1839 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -... Critical Unreviewed

CVE-2024-4228 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-37252 was published Jun 26, 2024

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability... Critical Unreviewed

CVE-2024-5181 was published Jun 26, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed

CVE-2024-4884 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in... Critical Unreviewed

CVE-2024-4883 was published Jun 25, 2024

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify... Critical Unreviewed

CVE-2024-5276 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed

CVE-2024-4885 was published Jun 25, 2024

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows... Critical Unreviewed

CVE-2024-5805 was published Jun 25, 2024

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be... Critical Unreviewed

CVE-2024-6303 was published Jun 25, 2024

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ... Critical Unreviewed

CVE-2024-6028 was published Jun 25, 2024

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with... Critical Unreviewed

CVE-2024-6297 was published Jun 25, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

21,737 advisories