Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,734 advisories

Loading
PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed
CVE-2024-6071 was published Jun 28, 2024
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
Apache Tomcat Improper Access Control vulnerability Critical
CVE-2016-8735 was published for org.apache.tomcat:tomcat-catalina (Maven) May 13, 2022
sunSUNQ westonsteimel
liususan091219
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search... Critical Unreviewed
CVE-2021-44026 was published May 24, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2023-27350 was published Apr 20, 2023
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks... Critical Unreviewed
CVE-2024-2973 was published Jun 27, 2024
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS... Critical Unreviewed
CVE-2024-3330 was published Jun 27, 2024
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote... Critical Unreviewed
CVE-2024-5751 was published Jun 27, 2024
In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code... Critical Unreviewed
CVE-2024-5826 was published Jun 27, 2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote... Critical Unreviewed
CVE-2024-6127 was published Jun 27, 2024
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows... Critical Unreviewed
CVE-2024-5980 was published Jun 27, 2024
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and... Critical Unreviewed
CVE-2016-3427 was published May 13, 2022
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics... Critical Unreviewed
CVE-2024-0947 was published Jun 27, 2024
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission... Critical Unreviewed
CVE-2024-0949 was published Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11... Critical Unreviewed
CVE-2024-5655 was published Jun 27, 2024
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL... Critical Unreviewed
CVE-2024-1839 was published Jun 26, 2024
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1.... Critical Unreviewed
CVE-2023-49103 was published Nov 22, 2023
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The... Critical Unreviewed
CVE-2024-33879 was published Jun 24, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -... Critical Unreviewed
CVE-2024-4228 was published Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-37252 was published Jun 26, 2024
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability... Critical Unreviewed
CVE-2024-5181 was published Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed
CVE-2024-4884 was published Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in... Critical Unreviewed
CVE-2024-4883 was published Jun 25, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify... Critical Unreviewed
CVE-2024-5276 was published Jun 25, 2024
ProTip! Advisories are also available from the GraphQL API