GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,360
Composer 3,967
Erlang 29
GitHub Actions 16
Go 1,749
Maven 4,978
npm 3,509
NuGet 609
pip 3,076
Pub 10
RubyGems 832
Rust 781
Swift 34

Unreviewed advisories

All unreviewed 221,267

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

18,799 advisories

Filter by severity

Sort by

Least recently updated

PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed

CVE-2024-6071 was published Jun 28, 2024

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote... Critical Unreviewed

CVE-2024-5751 was published Jun 27, 2024

In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code... Critical Unreviewed

CVE-2024-5826 was published Jun 27, 2024

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows... Critical Unreviewed

CVE-2024-5980 was published Jun 27, 2024

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote... Critical Unreviewed

CVE-2024-6127 was published Jun 27, 2024

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks... Critical Unreviewed

CVE-2024-2973 was published Jun 27, 2024

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS... Critical Unreviewed

CVE-2024-3330 was published Jun 27, 2024

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics... Critical Unreviewed

CVE-2024-0947 was published Jun 27, 2024

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission... Critical Unreviewed

CVE-2024-0949 was published Jun 27, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11... Critical Unreviewed

CVE-2024-5655 was published Jun 27, 2024

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL... Critical Unreviewed

CVE-2024-1839 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -... Critical Unreviewed

CVE-2024-4228 was published Jun 26, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2024-37252 was published Jun 26, 2024

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability... Critical Unreviewed

CVE-2024-5181 was published Jun 26, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed

CVE-2024-4884 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in... Critical Unreviewed

CVE-2024-4883 was published Jun 25, 2024

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify... Critical Unreviewed

CVE-2024-5276 was published Jun 25, 2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed

CVE-2024-4885 was published Jun 25, 2024

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows... Critical Unreviewed

CVE-2024-5805 was published Jun 25, 2024

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be... Critical Unreviewed

CVE-2024-6303 was published Jun 25, 2024

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ... Critical Unreviewed

CVE-2024-6028 was published Jun 25, 2024

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with... Critical Unreviewed

CVE-2024-6297 was published Jun 25, 2024

An improper input validation vulnerability was discovered in Avaya IP Office that could allow... Critical Unreviewed

CVE-2024-4196 was published Jun 25, 2024

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow... Critical Unreviewed

CVE-2024-4197 was published Jun 25, 2024

Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User... Critical Unreviewed

CVE-2023-6198 was published Jun 25, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

18,799 advisories