GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+
920 advisories
Filter by severity
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja...
Moderate
Unreviewed
CVE-2024-37934
was published
Jul 9, 2024
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers...
Moderate
Unreviewed
CVE-2024-39165
was published
Jul 4, 2024
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function...
Moderate
Unreviewed
CVE-2024-39002
was published
Jul 1, 2024
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function...
Moderate
Unreviewed
CVE-2024-38990
was published
Jul 1, 2024
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the...
Moderate
Unreviewed
CVE-2024-39209
was published
Jun 27, 2024
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote...
Moderate
Unreviewed
CVE-2024-36075
was published
Jun 27, 2024
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute...
Moderate
Unreviewed
CVE-2023-26877
was published
Jun 26, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote attacker to execute arbitrary...
Moderate
Unreviewed
CVE-2024-33335
was published
Jun 20, 2024
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code...
Moderate
Unreviewed
CVE-2024-36531
was published
Jun 10, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12...
Moderate
Unreviewed
CVE-2024-31396
was published
May 22, 2024
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file...
Moderate
Unreviewed
CVE-2024-36078
was published
May 19, 2024
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for...
Moderate
Unreviewed
CVE-2024-31974
was published
May 17, 2024
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an...
Moderate
Unreviewed
CVE-2024-3044
was published
May 14, 2024
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory...
Moderate
Unreviewed
CVE-2024-34225
was published
May 14, 2024
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert...
Moderate
Unreviewed
CVE-2024-29209
was published
May 7, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Moderate
CVE-2024-33394
was published
for
kubevirt.io/kubevirt
(Go)
May 2, 2024
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the...
Moderate
Unreviewed
CVE-2024-33442
was published
May 1, 2024
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows...
Moderate
Unreviewed
CVE-2024-32404
was published
Apr 26, 2024
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug...
Moderate
Unreviewed
CVE-2024-20359
was published
Apr 24, 2024
ProTip!
Advisories are also available from the
GraphQL API