Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,009 advisories

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have... Critical Unreviewed
CVE-2022-45063 was published Nov 10, 2022
Spring-boot-admin sandbox bypass via crafted HTML High
CVE-2023-38286 was published for de.codecentric:spring-boot-admin-server (Maven) Jul 14, 2023
ymuraki-csc danielfernandez
Subrhamanya
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A... High Unreviewed
CVE-2024-37569 was published Jun 9, 2024
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform... High Unreviewed
CVE-2024-37570 was published Jun 9, 2024
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn... Critical Unreviewed
CVE-2024-36604 was published Jun 4, 2024
Command Injection in pip when used with Mercurial Moderate
CVE-2023-5752 was published for pip (pip) Oct 25, 2023
mwpeterson
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior... Critical Unreviewed
CVE-2024-5480 was published Jun 6, 2024
Withdrawn: Runc allows an arbitrary systemd property to be injected High
GHSA-c5pj-mqfh-rvc3 was published for github.com/opencontainers/runc (Go) Apr 26, 2024 withdrawn
AkihiroSuda
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Critical Unreviewed
CVE-2024-34792 was published Jun 4, 2024
Vanna prompt injection code execution High
CVE-2024-5565 was published for vanna (pip) May 31, 2024
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within... High Unreviewed
CVE-2024-4253 was published Jun 4, 2024
Azure Identity SDK Remote Code Execution Vulnerability High
CVE-2023-36414 was published for Azure.Identity (NuGet) Oct 10, 2023
scottaddie
.NET Remote Code Execution Vulnerability High
CVE-2023-35390 was published for Microsoft.NET.Build.Containers (NuGet) Aug 9, 2023
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically... High Unreviewed
CVE-2024-4267 was published May 22, 2024
A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2024-5194 was published May 22, 2024
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this... Moderate Unreviewed
CVE-2024-5195 was published May 22, 2024
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an... Moderate Unreviewed
CVE-2024-5196 was published May 22, 2024
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command Critical
CVE-2024-5023 was published for consoleme (pip) May 16, 2024
jaydhulia scottpacknetflix
patricksanders
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... High Unreviewed
CVE-2024-1417 was published May 16, 2024
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an... Unknown Unreviewed
CVE-2024-4999 was published May 16, 2024
A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows... Critical Unreviewed
CVE-2024-4078 was published May 16, 2024
A remote code execution vulnerability exists in the parisneo/lollms-webui application,... Critical Unreviewed
CVE-2024-2366 was published May 16, 2024
ProTip! Advisories are also available from the GraphQL API