GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
18,799 advisories
PTC Creo Elements/Direct License Server exposes a web interface which can be used by...
Critical | Unreviewed | CVE-2024-6071 was published Jun 28, 2024
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote...
Critical | Unreviewed | CVE-2024-5751 was published Jun 27, 2024
In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code...
Critical | Unreviewed | CVE-2024-5826 was published Jun 27, 2024
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows...
Critical | Unreviewed | CVE-2024-5980 was published Jun 27, 2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote...
Critical | Unreviewed | CVE-2024-6127 was published Jun 27, 2024
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks...
Critical | Unreviewed | CVE-2024-2973 was published Jun 27, 2024
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS...
Critical | Unreviewed | CVE-2024-3330 was published Jun 27, 2024
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics...
Critical | Unreviewed | CVE-2024-0947 was published Jun 27, 2024
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission...
Critical | Unreviewed | CVE-2024-0949 was published Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical | Unreviewed | CVE-2024-5655 was published Jun 27, 2024
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL...
Critical | Unreviewed | CVE-2024-1839 was published Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
Critical | Unreviewed | CVE-2024-4228 was published Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-37252 was published Jun 26, 2024
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Critical | Unreviewed | CVE-2024-5181 was published Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical | Unreviewed | CVE-2024-4884 was published Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in...
Critical | Unreviewed | CVE-2024-4883 was published Jun 25, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical | Unreviewed | CVE-2024-5276 was published Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical | Unreviewed | CVE-2024-4885 was published Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows...
Critical | Unreviewed | CVE-2024-5805 was published Jun 25, 2024
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be...
Critical | Unreviewed | CVE-2024-6303 was published Jun 25, 2024
The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ...
Critical | Unreviewed | CVE-2024-6028 was published Jun 25, 2024
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with...
Critical | Unreviewed | CVE-2024-6297 was published Jun 25, 2024
An improper input validation vulnerability was discovered in Avaya IP Office that could allow...
Critical | Unreviewed | CVE-2024-4196 was published Jun 25, 2024
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow...
Critical | Unreviewed | CVE-2024-4197 was published Jun 25, 2024
Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User...
Critical | Unreviewed | CVE-2023-6198 was published Jun 25, 2024
ProTip! Advisories are also available from the GraphQL API.