Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

30,221 advisories

Loading
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin... Critical Unreviewed
CVE-2018-9467 was published Nov 20, 2024
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME... Critical Unreviewed
CVE-2024-28729 was published Nov 13, 2024
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed
CVE-2024-8807 was published Nov 22, 2024
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed
CVE-2024-8806 was published Nov 22, 2024
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2023-51644 was published Nov 22, 2024
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This... Critical Unreviewed
CVE-2023-51639 was published Nov 22, 2024
A missing authentication for critical function vulnerability has been reported to affect Notes... Critical Unreviewed
CVE-2024-38643 was published Nov 22, 2024
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3.... Critical Unreviewed
CVE-2024-38645 was published Nov 22, 2024
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51641 was published Nov 22, 2024
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability... Critical Unreviewed
CVE-2023-52333 was published Nov 22, 2024
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability.... Critical Unreviewed
CVE-2023-51642 was published Nov 22, 2024
Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2023-51638 was published Nov 22, 2024
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function... Critical Unreviewed
CVE-2024-51151 was published Nov 22, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10218 was published Nov 12, 2024
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst Credited to cyberthirst and iFrostizz iFrostizz iFrostizz
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront Credited to zobront and kuroi8 kuroi8 kuroi8
transformers has a Deserialization of Untrusted Data vulnerability Critical
CVE-2023-6730 was published for transformers (pip) Dec 19, 2023
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
Origin Validation Error in rdiffweb Critical
CVE-2022-3457 was published for rdiffweb (pip) Oct 14, 2022
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Credited to alex-elttam and Robbilie Robbilie Robbilie
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote... Critical Unreviewed
CVE-2024-41779 was published Nov 22, 2024
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen Credited to chaen, aldbr, and chrisburr aldbr aldbr
chrisburr chrisburr
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database