GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,648
Erlang: 29
GitHub Actions: 16
Go: 1,705
Maven: 4,937
npm: 3,470
NuGet: 603
pip: 2,984
Pub: 10
RubyGems: 826
Rust: 772
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
2,941 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify...
Critical | Unreviewed | CVE-2024-33644 was published May 17, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code...
Critical | Unreviewed | CVE-2023-23645 was published May 17, 2024

A command injection vulnerability exists in the RunGptLLM class of the llama_index library,...
High | Unreviewed | CVE-2024-4181 was published May 16, 2024

A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1...
High | Unreviewed | CVE-2024-3892 was published May 15, 2024

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack...
High | Unreviewed | CVE-2024-4202 was published May 15, 2024

An issue was identified in the Identity Security Cloud (ISC) Transform preview and...
Critical | Unreviewed | CVE-2024-3319 was published May 15, 2024

PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2023-39469 was published May 3, 2024

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints...
Unknown | Unreviewed | CVE-2024-3955 was published May 2, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti...
Critical | Unreviewed | CVE-2024-22144 was published Apr 25, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced...
Critical | Unreviewed | CVE-2024-31266 was published Apr 25, 2024

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug...
Moderate | Unreviewed | CVE-2024-20359 was published Apr 24, 2024

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows...
High | Unreviewed | CVE-2024-4040 was published Apr 22, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Moderate | Unreviewed | CVE-2024-29991 was published Apr 19, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy...
Critical | Unreviewed | CVE-2024-32599 was published Apr 18, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The...
Unknown | Unreviewed | CVE-2024-31861 was published Apr 11, 2024

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version...
Critical | Unreviewed | CVE-2023-45590 was published Apr 9, 2024

There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote...
Moderate | Unreviewed | CVE-2024-25706 was published Apr 4, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL....
Critical | Unreviewed | CVE-2024-24707 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto...
Critical | Unreviewed | CVE-2024-25096 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder...
Critical | Unreviewed | CVE-2024-31380 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance...
Critical | Unreviewed | CVE-2024-31390 was published Apr 3, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery...
High | Unreviewed | CVE-2024-27191 was published Apr 3, 2024

SCM Software is a client and server application. An Authenticated System manager client can...
High | Unreviewed | CVE-2024-0400 was published Mar 27, 2024

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the...
Moderate | Unreviewed | CVE-2024-2016 was published Mar 21, 2024

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue...
Moderate | Unreviewed | CVE-2024-2497 was published Mar 15, 2024
ProTip! Advisories are also available from the GraphQL API