GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
662 advisories
Filter by severity
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww...
Critical
Unreviewed
CVE-2024-7104
was published
Sep 16, 2024
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker...
Critical
Unreviewed
CVE-2024-44430
was published
Sep 13, 2024
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers...
Critical
Unreviewed
CVE-2024-44466
was published
Sep 11, 2024
An unauthenticated remote attacker can run malicious c# code included in curve files and execute...
Critical
Unreviewed
CVE-2024-6596
was published
Sep 10, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
Critical
Unreviewed
CVE-2024-44411
was published
Sep 9, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
Critical
Unreviewed
CVE-2024-44410
was published
Sep 9, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape
Critical
GHSA-r9pp-r4xf-597r
was published
for
pyload-ng
(pip)
Sep 9, 2024
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to...
Critical
Unreviewed
CVE-2024-39714
was published
Sep 7, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Critical
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2024-45623
was published
Sep 2, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2024-41369
was published
Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2024-41368
was published
Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2024-41367
was published
Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2024-41361
was published
Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2024-41366
was published
Aug 29, 2024
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2024-41364
was published
Aug 29, 2024
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code...
Critical
Unreviewed
CVE-2024-7720
was published
Aug 27, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling...
Critical
Unreviewed
CVE-2024-45321
was published
Aug 27, 2024
LlamaIndex includes an exec call for `import {cls_name}`
Critical
CVE-2024-45201
was published
for
llama-index-core
(pip)
Aug 22, 2024
Apache Dolphinscheduler Code Injection vulnerability
Critical
CVE-2024-43202
was published
for
org.apache.dolphinscheduler:dolphinscheduler-task-api
(Maven)
Aug 20, 2024
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15...
Critical
Unreviewed
CVE-2024-42634
was published
Aug 16, 2024
GitHub Actions Script Injection in `ultralytics/actions`
Critical
GHSA-7x29-qqmq-v6qc
was published
for
ultralytics/actions
(GitHub Actions)
Aug 14, 2024
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to...
Critical
Unreviewed
CVE-2024-41623
was published
Aug 13, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML...
Critical
Unreviewed
CVE-2024-37287
was published
Aug 13, 2024
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-7094
was published
Aug 13, 2024
ProTip!
Advisories are also available from the
GraphQL API