GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,967
Erlang: 29
GitHub Actions: 16
Go: 1,748
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,075
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
21,734 advisories
PTC Creo Elements/Direct License Server exposes a web interface which can be used by...
Critical | Unreviewed | CVE-2024-6071 was published Jun 28, 2024
Incomplete fix for Apache Log4j vulnerability
Critical | CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
Apache Tomcat Improper Access Control vulnerability
Critical | CVE-2016-8735 was published for org.apache.tomcat:tomcat-catalina (Maven) May 13, 2022
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search...
Critical | Unreviewed | CVE-2021-44026 was published May 24, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical | Unreviewed | CVE-2023-27350 was published Apr 20, 2023
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks...
Critical | Unreviewed | CVE-2024-2973 was published Jun 27, 2024
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS...
Critical | Unreviewed | CVE-2024-3330 was published Jun 27, 2024
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote...
Critical | Unreviewed | CVE-2024-5751 was published Jun 27, 2024
In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code...
Critical | Unreviewed | CVE-2024-5826 was published Jun 27, 2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote...
Critical | Unreviewed | CVE-2024-6127 was published Jun 27, 2024
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows...
Critical | Unreviewed | CVE-2024-5980 was published Jun 27, 2024
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and...
Critical | Unreviewed | CVE-2016-3427 was published May 13, 2022
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics...
Critical | Unreviewed | CVE-2024-0947 was published Jun 27, 2024
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission...
Critical | Unreviewed | CVE-2024-0949 was published Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical | Unreviewed | CVE-2024-5655 was published Jun 27, 2024
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL...
Critical | Unreviewed | CVE-2024-1839 was published Jun 26, 2024
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1....
Critical | Unreviewed | CVE-2023-49103 was published Nov 22, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical | Unreviewed | CVE-2023-6448 was published Dec 5, 2023
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The...
Critical | Unreviewed | CVE-2024-33879 was published Jun 24, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
Critical | Unreviewed | CVE-2024-4228 was published Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-37252 was published Jun 26, 2024
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Critical | Unreviewed | CVE-2024-5181 was published Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical | Unreviewed | CVE-2024-4884 was published Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in...
Critical | Unreviewed | CVE-2024-4883 was published Jun 25, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical | Unreviewed | CVE-2024-5276 was published Jun 25, 2024
ProTip! Advisories are also available from the GraphQL API.