GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
876 advisories
Filter by severity
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical
Unreviewed
CVE-2024-10131
was published
Oct 19, 2024
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions...
Critical
Unreviewed
CVE-2021-4443
was published
Oct 16, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-48153
was published
Oct 14, 2024
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code...
Critical
Unreviewed
CVE-2024-46076
was published
Oct 7, 2024
According to the researcher: "The TLS connections are encrypted against tampering or...
Critical
Unreviewed
CVE-2024-44097
was published
Oct 2, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
Critical
Unreviewed
CVE-2024-46367
was published
Sep 27, 2024
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload...
Critical
Unreviewed
CVE-2024-8940
was published
Sep 25, 2024
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute...
Critical
Unreviewed
CVE-2024-0005
was published
Sep 23, 2024
A condition exists in FlashArray Purity whereby a malicious user could use a remote...
Critical
Unreviewed
CVE-2024-0003
was published
Sep 23, 2024
A condition exists in FlashArray Purity whereby a local account intended for initial array...
Critical
Unreviewed
CVE-2024-0001
was published
Sep 23, 2024
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC...
Critical
Unreviewed
CVE-2024-38812
was published
Sep 17, 2024
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted...
Critical
Unreviewed
CVE-2024-41874
was published
Sep 13, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical
Unreviewed
CVE-2024-8695
was published
Sep 12, 2024
An unauthenticated remote attacker can run malicious c# code included in curve files and execute...
Critical
Unreviewed
CVE-2024-6596
was published
Sep 10, 2024
A deserialization of untrusted data vulnerability with a malicious payload can allow an...
Critical
Unreviewed
CVE-2024-40711
was published
Sep 7, 2024
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub...
Critical
Unreviewed
CVE-2024-43102
was published
Sep 5, 2024
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading...
Critical
Unreviewed
CVE-2024-45287
was published
Sep 5, 2024
A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0,...
Critical
Unreviewed
CVE-2024-44809
was published
Sep 4, 2024
TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow....
Critical
Unreviewed
CVE-2024-34198
was published
Aug 28, 2024
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a ...
Critical
Unreviewed
CVE-2024-45237
was published
Aug 25, 2024
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious...
Critical
Unreviewed
CVE-2024-23168
was published
Aug 15, 2024
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12...
Critical
Unreviewed
CVE-2024-7262
was published
Aug 15, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-39397
was published
Aug 14, 2024
The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does...
Critical
Unreviewed
CVE-2024-42166
was published
Aug 12, 2024
The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4...
Critical
Unreviewed
CVE-2024-42167
was published
Aug 12, 2024
ProTip!
Advisories are also available from the
GraphQL API