GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,996
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,545
NuGet
620
pip
3,136
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability....
Critical
Unreviewed
CVE-2024-23469
was published
Jul 17, 2024
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on...
Critical
Unreviewed
CVE-2024-6298
was published
Jul 5, 2024
Under certain circumstances the web interface will accept characters unrelated to the expected...
Critical
Unreviewed
CVE-2024-32755
was published
Jul 2, 2024
Inadequate input validation exposes the system to potential remote code execution (RCE) risks....
Critical
Unreviewed
CVE-2023-41917
was published
Jul 2, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical
Unreviewed
CVE-2024-5276
was published
Jun 25, 2024
An improper input validation vulnerability was discovered in Avaya IP Office that could allow...
Critical
Unreviewed
CVE-2024-4196
was published
Jun 25, 2024
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-34108
was published
Jun 13, 2024
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,...
Critical
Unreviewed
CVE-2024-35213
was published
Jun 11, 2024
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow....
Critical
Unreviewed
CVE-2024-5171
was published
Jun 5, 2024
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command...
Critical
Unreviewed
CVE-2024-36053
was published
May 19, 2024
Zabbix server can perform command execution for configured scripts. After command is executed,...
Critical
Unreviewed
CVE-2024-22120
was published
May 17, 2024
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may...
Critical
Unreviewed
CVE-2024-22476
was published
May 16, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-jjx7-8462-w4m4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version ...
Critical
Unreviewed
CVE-2024-2257
was published
May 14, 2024
In multiple locations, there is a possible failure to persist or enforce user restrictions due to...
Critical
Unreviewed
CVE-2024-23705
was published
May 7, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical
Unreviewed
CVE-2024-4547
was published
May 6, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical
Unreviewed
CVE-2024-4548
was published
May 6, 2024
A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to...
Critical
Unreviewed
CVE-2024-33792
was published
May 3, 2024
An Improper input validation vulnerability that could potentially lead to privilege escalation...
Critical
Unreviewed
CVE-2024-4142
was published
May 1, 2024
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a...
Critical
Unreviewed
CVE-2024-3029
was published
Apr 16, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS...
Critical
Unreviewed
CVE-2024-3400
was published
Apr 12, 2024
ProTip!
Advisories are also available from the
GraphQL API