Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,996
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,545
NuGet
620
pip
3,136
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

22,109 advisories

Loading
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment Critical
CVE-2024-38529 was published for admidio/admidio (Composer) Jul 29, 2024
UmerAdeemCheema
Admidio has Blind SQL Injection in ecard_send.php Critical
CVE-2024-37906 was published for admidio/admidio (Composer) Jul 29, 2024
UmerAdeemCheema
The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation... Critical Unreviewed
CVE-2024-7202 was published Jul 29, 2024
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation... Critical Unreviewed
CVE-2024-7201 was published Jul 29, 2024
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not... Critical Unreviewed
CVE-2024-5670 was published Jul 29, 2024
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset... Critical Unreviewed
CVE-2024-24621 was published Jul 26, 2024
Access control vulnerability in the security verification module. Impact: Successful exploitation... Critical Unreviewed
CVE-2024-39671 was published Jul 25, 2024
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via... Critical Unreviewed
CVE-2024-41459 was published Jul 24, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via... Critical Unreviewed
CVE-2024-41460 was published Jul 24, 2024
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via... Critical Unreviewed
CVE-2024-41461 was published Jul 24, 2024
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via... Critical Unreviewed
CVE-2024-41551 was published Jul 24, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is... Critical Unreviewed
CVE-2024-40422 was published Jul 24, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code... Critical Unreviewed
CVE-2024-6327 was published Jul 24, 2024
Remote command execution due to use of default passwords. The following products are affected:... Critical Unreviewed
CVE-2023-45249 was published Jul 24, 2024
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to... Critical Unreviewed
CVE-2024-38164 was published Jul 24, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2024-41319 was published Jul 23, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming ... Critical Unreviewed
CVE-2024-6794 was published Jul 22, 2024
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that... Critical Unreviewed
CVE-2024-6793 was published Jul 22, 2024
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project... Critical Unreviewed
CVE-2024-6806 was published Jul 22, 2024
Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a... Critical Unreviewed
CVE-2024-6913 was published Jul 22, 2024
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to... Critical Unreviewed
CVE-2024-6912 was published Jul 22, 2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ... Critical Unreviewed
CVE-2024-21552 was published Jul 22, 2024
Ankitects Anki arbitrary script execution vulnerability Critical
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
ProTip! Advisories are also available from the GraphQL API