GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
13,455 advisories
Filter by severity
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical
Unreviewed
CVE-2024-10131
was published
Oct 19, 2024
An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted...
Moderate
Unreviewed
CVE-2023-43988
was published
Jan 24, 2024
An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious...
Moderate
Unreviewed
CVE-2023-43999
was published
Jan 24, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow...
High
Unreviewed
CVE-2024-45139
was published
Oct 9, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow...
High
Unreviewed
CVE-2024-45143
was published
Oct 9, 2024
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker...
Low
Unreviewed
CVE-2024-47486
was published
Oct 18, 2024
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an...
Moderate
Unreviewed
CVE-2024-47485
was published
Oct 18, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical
Unreviewed
CVE-2024-48153
was published
Oct 14, 2024
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the...
Critical
Unreviewed
CVE-2024-4320
was published
Jun 6, 2024
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when...
Critical
Unreviewed
CVE-2021-20204
was published
May 24, 2022
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2...
Moderate
Unreviewed
CVE-2024-10099
was published
Oct 17, 2024
A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3...
High
Unreviewed
CVE-2024-10101
was published
Oct 17, 2024
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1...
High
Unreviewed
CVE-2017-18113
was published
May 24, 2022
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing...
High
Unreviewed
CVE-2024-9981
was published
Oct 15, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to...
High
Unreviewed
CVE-2024-47962
was published
Oct 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a...
High
Unreviewed
CVE-2024-47963
was published
Oct 10, 2024
Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference...
Moderate
Unreviewed
CVE-2024-47459
was published
Oct 17, 2024
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10...
Moderate
Unreviewed
CVE-2023-44293
was published
Oct 17, 2024
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10...
Moderate
Unreviewed
CVE-2023-44294
was published
Oct 17, 2024
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An...
High
Unreviewed
CVE-2024-47966
was published
Oct 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to...
High
Unreviewed
CVE-2024-47964
was published
Oct 10, 2024
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a...
High
Unreviewed
CVE-2024-47965
was published
Oct 10, 2024
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a...
Moderate
Unreviewed
CVE-2024-8691
was published
Sep 11, 2024
A URL parameter during login flow was vulnerable to injection. An attacker could insert a...
Moderate
Unreviewed
CVE-2023-28799
was published
Jun 22, 2023
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to...
Moderate
Unreviewed
CVE-2024-3184
was published
Oct 17, 2024
ProTip!
Advisories are also available from the
GraphQL API