GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,737 advisories
Filter by severity
Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -.
Critical
Unreviewed
CVE-2024-5926
was published
Jun 30, 2024
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin...
Critical
Unreviewed
CVE-2024-6265
was published
Jun 29, 2024
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web...
Critical
Unreviewed
CVE-2024-5827
was published
Jun 29, 2024
PTC Creo Elements/Direct License Server exposes a web interface which can be used by...
Critical
Unreviewed
CVE-2024-6071
was published
Jun 28, 2024
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Critical
CVE-2024-5980
was published
for
lightning
(pip)
Jun 27, 2024
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote...
Critical
Unreviewed
CVE-2024-6127
was published
Jun 27, 2024
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks...
Critical
Unreviewed
CVE-2024-2973
was published
Jun 27, 2024
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS...
Critical
Unreviewed
CVE-2024-3330
was published
Jun 27, 2024
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics...
Critical
Unreviewed
CVE-2024-0947
was published
Jun 27, 2024
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission...
Critical
Unreviewed
CVE-2024-0949
was published
Jun 27, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11...
Critical
Unreviewed
CVE-2024-5655
was published
Jun 27, 2024
Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL...
Critical
Unreviewed
CVE-2024-1839
was published
Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 -...
Critical
Unreviewed
CVE-2024-4228
was published
Jun 26, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2024-37252
was published
Jun 26, 2024
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability...
Critical
Unreviewed
CVE-2024-5181
was published
Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2024-4884
was published
Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in...
Critical
Unreviewed
CVE-2024-4883
was published
Jun 25, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical
Unreviewed
CVE-2024-5276
was published
Jun 25, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2024-4885
was published
Jun 25, 2024
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows...
Critical
Unreviewed
CVE-2024-5805
was published
Jun 25, 2024
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be...
Critical
Unreviewed
CVE-2024-6303
was published
Jun 25, 2024
The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ...
Critical
Unreviewed
CVE-2024-6028
was published
Jun 25, 2024
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with...
Critical
Unreviewed
CVE-2024-6297
was published
Jun 25, 2024
ProTip!
Advisories are also available from the
GraphQL API