GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
19,005 advisories
Filter by severity
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto)...
Critical
Unreviewed
CVE-2024-3704
was published
Apr 12, 2024
Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on...
Critical
Unreviewed
CVE-2024-6298
was published
Jul 5, 2024
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series
v <...
Critical
Unreviewed
CVE-2024-6209
was published
Jul 5, 2024
rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command...
Critical
Unreviewed
CVE-2024-39943
was published
Jul 5, 2024
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go,...
Critical
Unreviewed
CVE-2024-39930
was published
Jul 4, 2024
Gogs through 0.13.0 allows deletion of internal files.
Critical
Unreviewed
CVE-2024-39931
was published
Jul 4, 2024
Gogs through 0.13.0 allows argument injection during the previewing of changes.
Critical
Unreviewed
CVE-2024-39932
was published
Jul 4, 2024
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing...
Critical
Unreviewed
CVE-2024-27173
was published
Jun 14, 2024
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be...
Critical
Unreviewed
CVE-2024-27174
was published
Jun 14, 2024
Remote Command program allows an attacker to get Remote Code Execution. As for the affected...
Critical
Unreviewed
CVE-2024-27172
was published
Jun 14, 2024
The Toshiba printers provide several ways to upload files using the web interface without...
Critical
Unreviewed
CVE-2024-27144
was published
Jun 14, 2024
Toshiba printers use SNMP for configuration. Using the private community, it is possible to...
Critical
Unreviewed
CVE-2024-27143
was published
Jun 14, 2024
The Toshiba printers provide several ways to upload files using the admin web interface. An...
Critical
Unreviewed
CVE-2024-27145
was published
Jun 14, 2024
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from...
Critical
Unreviewed
CVE-2024-3411
was published
Apr 30, 2024
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection...
Critical
Unreviewed
CVE-2024-3816
was published
Jul 3, 2024
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST...
Critical
Unreviewed
CVE-2024-39243
was published
Jun 26, 2024
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST...
Critical
Unreviewed
CVE-2024-37734
was published
Jun 27, 2024
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry...
Critical
Unreviewed
CVE-2024-37082
was published
Jul 3, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Critical
Unreviewed
CVE-2024-6172
was published
Jul 2, 2024
SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro"...
Critical
Unreviewed
CVE-2024-34988
was published
Jun 25, 2024
In venc, there is a possible out of bounds write due to type confusion. This could lead to local...
Critical
Unreviewed
CVE-2024-20078
was published
Jul 1, 2024
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request....
Critical
Unreviewed
CVE-2024-39015
was published
Jul 1, 2024
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10...
Critical
Unreviewed
CVE-2012-6664
was published
Jun 22, 2024
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in...
Critical
Unreviewed
CVE-2024-39848
was published
Jun 30, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows...
Critical
Unreviewed
CVE-2024-39704
was published
Jul 3, 2024
ProTip!
Advisories are also available from the
GraphQL API