Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

240,627 advisories

Loading
CometBFT is unstability during blocksync when syncing from malicious peer Moderate
GHSA-hg58-rf2h-6rr7 was published for github.com/cometbft/cometbft (Go) Jun 28, 2024
unknownfeature
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2... Unknown Unreviewed
CVE-2024-36059 was published Jun 28, 2024
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject... Unknown Unreviewed
CVE-2023-52892 was published Jun 28, 2024
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code,... Unknown Unreviewed
CVE-2024-39705 was published Jun 28, 2024
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on... Unknown Unreviewed
CVE-2024-4395 was published Jun 28, 2024
PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed
CVE-2024-6071 was published Jun 28, 2024
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate... Unknown Unreviewed
CVE-2016-20022 was published Jun 28, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Unknown Unreviewed
CVE-2024-36072 was published Jun 27, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Unknown Unreviewed
CVE-2024-36075 was published Jun 27, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Unknown Unreviewed
CVE-2024-36074 was published Jun 27, 2024
A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a... Unknown Unreviewed
CVE-2024-39132 was published Jun 27, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote... Unknown Unreviewed
CVE-2024-36073 was published Jun 27, 2024
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of... Unknown Unreviewed
CVE-2024-39134 was published Jun 27, 2024
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest... Unknown Unreviewed
CVE-2024-36755 was published Jun 27, 2024
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the... Unknown Unreviewed
CVE-2024-39209 was published Jun 27, 2024
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext... Unknown Unreviewed
CVE-2024-5642 was published Jun 27, 2024
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the... High Unreviewed
CVE-2024-4578 was published Jun 27, 2024
Missing Authorization in stitionai/devika High Unreviewed
CVE-2024-5820 was published Jun 27, 2024
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with... High Unreviewed
CVE-2024-5714 was published Jun 27, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of... High Unreviewed
CVE-2024-5822 was published Jun 27, 2024
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot... Moderate Unreviewed
CVE-2024-5755 was published Jun 27, 2024
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote... Critical Unreviewed
CVE-2024-5751 was published Jun 27, 2024
A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms... High Unreviewed
CVE-2024-5824 was published Jun 27, 2024
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms... Moderate Unreviewed
CVE-2024-5933 was published Jun 27, 2024
In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code... Critical Unreviewed
CVE-2024-5826 was published Jun 27, 2024
ProTip! Advisories are also available from the GraphQL API