Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

30,221 advisories

Loading
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. Critical Unreviewed
CVE-2021-47157 was published Mar 18, 2024
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2020-22151 was published Jul 3, 2023
Vanna prompt injection code execution Critical
CVE-2024-5565 was published for vanna (pip) May 31, 2024
libxmljs2 vulnerable to type confusion when parsing specially crafted XML Critical
CVE-2024-34394 was published for libxmljs2 (npm) May 2, 2024
macariomartins Credited to macariomartins
libxmljs2 type confusion vulnerability when parsing specially crafted XML Critical
CVE-2024-34393 was published for libxmljs2 (npm) May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML Critical
CVE-2024-34391 was published for libxmljs (npm) May 2, 2024
Improper Certificate Validation in Twisted Critical
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
Inconsistent Interpretation of HTTP Requests in twisted.web Critical
CVE-2022-24801 was published for twisted (pip) Apr 4, 2022
zeyu2001 Credited to zeyu2001, twm, and exarkun twm twm
exarkun exarkun
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to... Critical Unreviewed
CVE-2021-24171 was published May 24, 2022
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
HTTP Request Smuggling in Twisted Critical
CVE-2020-10109 was published for Twisted (pip) Mar 31, 2020
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they... Critical Unreviewed
CVE-2024-11666 was published Nov 25, 2024
An authentication bypass vulnerability has been identified in Pulpcore when deployed with... Critical Unreviewed
CVE-2024-7923 was published Sep 4, 2024
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in... Critical Unreviewed
CVE-2021-22763 was published May 24, 2022
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It... Critical Unreviewed
CVE-2024-10914 was published Nov 6, 2024
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing... Critical Unreviewed
CVE-2024-11068 was published Nov 11, 2024
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-9942 was published Nov 23, 2024
The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP... Critical Unreviewed
CVE-2024-9511 was published Nov 23, 2024
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-9659 was published Nov 23, 2024
A parameter within a command does not properly validate input within myPRO Manager which could be... Critical Unreviewed
CVE-2024-47407 was published Nov 23, 2024
The web application uses a weak authentication mechanism to verify that a request is coming from... Critical Unreviewed
CVE-2024-45369 was published Nov 23, 2024
NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon... Critical Unreviewed
CVE-2024-0138 was published Nov 23, 2024
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command... Critical Unreviewed
CVE-2024-52034 was published Nov 23, 2024
The administrative interface listens by default on all interfaces on a TCP port and does not... Critical Unreviewed
CVE-2024-47138 was published Nov 23, 2024
langchain arbitrary code execution vulnerability Critical
CVE-2023-36258 was published for langchain (pip) Jul 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database