GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,339
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,940
Maven 5,135
npm 3,677
NuGet 645
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,833

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

876 advisories

Filter by severity

Sort by

Least recently updated

The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed

CVE-2024-10131 was published Oct 19, 2024

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions... Critical Unreviewed

CVE-2021-4443 was published Oct 16, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed

CVE-2024-48153 was published Oct 14, 2024

RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code... Critical Unreviewed

CVE-2024-46076 was published Oct 7, 2024

According to the researcher: "The TLS connections are encrypted against tampering or... Critical Unreviewed

CVE-2024-44097 was published Oct 2, 2024

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... Critical Unreviewed

CVE-2024-46367 was published Sep 27, 2024

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload... Critical Unreviewed

CVE-2024-8940 was published Sep 25, 2024

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute... Critical Unreviewed

CVE-2024-0005 was published Sep 23, 2024

A condition exists in FlashArray Purity whereby a malicious user could use a remote... Critical Unreviewed

CVE-2024-0003 was published Sep 23, 2024

A condition exists in FlashArray Purity whereby a local account intended for initial array... Critical Unreviewed

CVE-2024-0001 was published Sep 23, 2024

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC... Critical Unreviewed

CVE-2024-38812 was published Sep 17, 2024

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted... Critical Unreviewed

CVE-2024-41874 was published Sep 13, 2024

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed

CVE-2024-8695 was published Sep 12, 2024

An unauthenticated remote attacker can run malicious c# code included in curve files and execute... Critical Unreviewed

CVE-2024-6596 was published Sep 10, 2024

A deserialization of untrusted data vulnerability with a malicious payload can allow an... Critical Unreviewed

CVE-2024-40711 was published Sep 7, 2024

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub... Critical Unreviewed

CVE-2024-43102 was published Sep 5, 2024

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading... Critical Unreviewed

CVE-2024-45287 was published Sep 5, 2024

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0,... Critical Unreviewed

CVE-2024-44809 was published Sep 4, 2024

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow.... Critical Unreviewed

CVE-2024-34198 was published Aug 28, 2024

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a ... Critical Unreviewed

CVE-2024-45237 was published Aug 25, 2024

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious... Critical Unreviewed

CVE-2024-23168 was published Aug 15, 2024

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12... Critical Unreviewed

CVE-2024-7262 was published Aug 15, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an... Critical Unreviewed

CVE-2024-39397 was published Aug 14, 2024

The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does... Critical Unreviewed

CVE-2024-42166 was published Aug 12, 2024

The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4... Critical Unreviewed

CVE-2024-42167 was published Aug 12, 2024

Previous 1 2 3 4 5 … 35 36 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

876 advisories