GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem: Composer 4,133; Erlang 29; GitHub Actions 19; Go 1,940; Maven 5,000+; npm 3,677; NuGet 645; pip 3,295; Pub 11; RubyGems 877; Rust 830; Swift 35.
Unreviewed advisories (all unreviewed): 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,191 advisories
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical | Unreviewed | CVE-2024-10131 was published Oct 19, 2024

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18...
Critical | Unreviewed | CVE-2024-37404 was published Oct 19, 2024

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.
Critical | Unreviewed | CVE-2023-26785 was published Oct 18, 2024

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an...
Critical | Unreviewed | CVE-2024-9537 was published Oct 18, 2024

An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An...
Critical | Unreviewed | CVE-2024-23629 was published Jan 26, 2024

Improper resource initialization handling in firmware of some Solidigm DC Products may allow an...
Critical | Unreviewed | CVE-2024-47967 was published Oct 7, 2024

An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute...
Critical | Unreviewed | CVE-2024-23742 was published Jan 28, 2024

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable...
Critical | Unreviewed | CVE-2024-25714 was published Feb 11, 2024

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality....
Critical | Unreviewed | CVE-2024-10118 was published Oct 18, 2024

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries...
Critical | Unreviewed | CVE-2024-9264 was published Oct 18, 2024

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An...
Critical | Unreviewed | CVE-2024-10119 was published Oct 18, 2024

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque...
Critical | Unreviewed | CVE-2024-49195 was published Oct 15, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and...
Critical | Unreviewed | CVE-2024-48153 was published Oct 14, 2024

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the...
Critical | Unreviewed | CVE-2024-4320 was published Jun 6, 2024

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when...
Critical | Unreviewed | CVE-2021-20204 was published May 24, 2022

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,...
Critical | Unreviewed | CVE-2024-3033 was published Jun 6, 2024

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which...
Critical | Unreviewed | CVE-2024-48180 was published Oct 16, 2024

An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker...
Critical | Unreviewed | CVE-2024-48779 was published Oct 15, 2024

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code...
Critical | Unreviewed | CVE-2024-2360 was published Jun 6, 2024

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows...
Critical | Unreviewed | CVE-2024-2362 was published Jun 6, 2024

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege...
Critical | Unreviewed | CVE-2023-28805 was published Oct 23, 2023

Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program...
Critical | Unreviewed | CVE-2024-49314 was published Oct 17, 2024

Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in...
Critical | Unreviewed | CVE-2024-49217 was published Oct 17, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-49246 was published Oct 17, 2024

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This...
Critical | Unreviewed | CVE-2024-49291 was published Oct 17, 2024

ProTip! Advisories are also available from the GraphQL API.