GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,967
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,076
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
240,627 advisories
CometBFT is unstability during blocksync when syncing from malicious peer
Severity: Moderate. GHSA-hg58-rf2h-6rr7 was published for github.com/cometbft/cometbft (Go) on Jun 28, 2024.

Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2...
Severity: Unknown. Unreviewed. CVE-2024-36059 was published on Jun 28, 2024.

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject...
Severity: Unknown. Unreviewed. CVE-2023-52892 was published on Jun 28, 2024.

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code,...
Severity: Unknown. Unreviewed. CVE-2024-39705 was published on Jun 28, 2024.

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on...
Severity: Unknown. Unreviewed. CVE-2024-4395 was published on Jun 28, 2024.

PTC Creo Elements/Direct License Server exposes a web interface which can be used by...
Severity: Critical. Unreviewed. CVE-2024-6071 was published on Jun 28, 2024.

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate...
Severity: Unknown. Unreviewed. CVE-2016-20022 was published on Jun 28, 2024.

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Severity: Unknown. Unreviewed. CVE-2024-36072 was published on Jun 27, 2024.

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Severity: Unknown. Unreviewed. CVE-2024-36075 was published on Jun 27, 2024.

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Severity: Unknown. Unreviewed. CVE-2024-36074 was published on Jun 27, 2024.

A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a...
Severity: Unknown. Unreviewed. CVE-2024-39132 was published on Jun 27, 2024.

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Severity: Unknown. Unreviewed. CVE-2024-36073 was published on Jun 27, 2024.

A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of...
Severity: Unknown. Unreviewed. CVE-2024-39134 was published on Jun 27, 2024.

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest...
Severity: Unknown. Unreviewed. CVE-2024-36755 was published on Jun 27, 2024.

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the...
Severity: Unknown. Unreviewed. CVE-2024-39209 was published on Jun 27, 2024.

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext...
Severity: Unknown. Unreviewed. CVE-2024-5642 was published on Jun 27, 2024.

This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the...
Severity: High. Unreviewed. CVE-2024-4578 was published on Jun 27, 2024.

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with...
Severity: High. Unreviewed. CVE-2024-5714 was published on Jun 27, 2024.

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of...
Severity: High. Unreviewed. CVE-2024-5822 was published on Jun 27, 2024.

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot...
Severity: Moderate. Unreviewed. CVE-2024-5755 was published on Jun 27, 2024.

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote...
Severity: Critical. Unreviewed. CVE-2024-5751 was published on Jun 27, 2024.

A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms...
Severity: High. Unreviewed. CVE-2024-5824 was published on Jun 27, 2024.

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms...
Severity: Moderate. Unreviewed. CVE-2024-5933 was published on Jun 27, 2024.

In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code...
Severity: Critical. Unreviewed. CVE-2024-5826 was published on Jun 27, 2024.
ProTip! Advisories are also available from the GraphQL API.