GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
662 advisories
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version...
Critical | Unreviewed | CVE-2023-45590 was published Apr 9, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE)...
Critical | Unreviewed | CVE-2024-31807 was published Apr 8, 2024

An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary...
Critical | Unreviewed | CVE-2024-31022 was published Apr 8, 2024

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries...
Critical | Unreviewed | CVE-2023-36645 was published Apr 4, 2024

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4...
Critical | Unreviewed | CVE-2024-30568 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto...
Critical | Unreviewed | CVE-2024-25096 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL....
Critical | Unreviewed | CVE-2024-24707 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance...
Critical | Unreviewed | CVE-2024-31390 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder...
Critical | Unreviewed | CVE-2024-31380 was published Apr 3, 2024

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute...
Critical | Unreviewed | CVE-2024-31011 was published Apr 3, 2024

An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code...
Critical | Unreviewed | CVE-2024-29276 was published Apr 2, 2024

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.
Critical | Unreviewed | CVE-2024-30858 was published Apr 1, 2024

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.
Critical | Unreviewed | CVE-2024-30868 was published Apr 1, 2024

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat...
Critical | Unreviewed | CVE-2023-41724 was published Mar 31, 2024

An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2...
Critical | Unreviewed | CVE-2024-31032 was published Mar 29, 2024

An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute...
Critical | Unreviewed | CVE-2024-28386 was published Mar 25, 2024

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an...
Critical | Unreviewed | CVE-2024-22127 was published Mar 12, 2024

PaddlePaddle vulnerable to remote code execution
Critical | CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024

Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical | Unreviewed | CVE-2023-41503 was published Mar 7, 2024

Budibase affected by VM2 Constructor Escape Vulnerability
Critical | GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE)...
Critical | Unreviewed | CVE-2024-25293 was published Mar 1, 2024

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted...
Critical | Unreviewed | CVE-2024-25180 was published Feb 29, 2024

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
Critical | Unreviewed | CVE-2024-25291 was published Feb 29, 2024

SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote...
Critical | Unreviewed | CVE-2023-51801 was published Feb 29, 2024

SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0...
Critical | Unreviewed | CVE-2024-25350 was published Feb 29, 2024

ProTip! Advisories are also available from the GraphQL API.