Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,755
Maven
5,000+
npm
4,359
NuGet
765
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,052 advisories

Loading
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue... Moderate Unreviewed
CVE-2024-8523 was published Sep 7, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input Moderate
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
Credited to mcoimbra and filipeom
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc.... Moderate Unreviewed
CVE-2024-43922 was published Aug 29, 2024
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that... Moderate Unreviewed
CVE-2024-42598 was published Aug 20, 2024
A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue... Moderate Unreviewed
CVE-2024-7899 was published Aug 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table... Moderate Unreviewed
CVE-2024-43128 was published Aug 13, 2024
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability... Moderate Unreviewed
CVE-2023-50810 was published Aug 12, 2024
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway... Moderate Unreviewed
CVE-2024-37382 was published Aug 8, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to... Moderate Unreviewed
CVE-2024-3958 was published Aug 8, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly... Moderate Unreviewed
CVE-2024-6923 was published Aug 1, 2024
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3... Moderate Unreviewed
CVE-2024-41304 was published Jul 30, 2024
A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected... Moderate Unreviewed
CVE-2024-6950 was published Jul 21, 2024
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This... Moderate Unreviewed
CVE-2024-6946 was published Jul 21, 2024
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue... Moderate Unreviewed
CVE-2024-6947 was published Jul 21, 2024
A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an... Moderate Unreviewed
CVE-2024-6940 was published Jul 21, 2024
A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools... Moderate Unreviewed
CVE-2024-6936 was published Jul 21, 2024
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken... Moderate Unreviewed
CVE-2024-37405 was published Jul 12, 2024
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed
CVE-2024-40726 was published Jul 9, 2024
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary... Moderate Unreviewed
CVE-2024-40735 was published Jul 9, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja... Moderate Unreviewed
CVE-2024-37934 was published Jul 9, 2024
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non... Moderate Unreviewed
CVE-2024-22020 was published Jul 9, 2024
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers... Moderate Unreviewed
CVE-2024-39165 was published Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database