Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20,191 advisories

Loading
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed
CVE-2024-10131 was published Oct 19, 2024
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18... Critical Unreviewed
CVE-2024-37404 was published Oct 19, 2024
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability. Critical Unreviewed
CVE-2023-26785 was published Oct 18, 2024
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an... Critical Unreviewed
CVE-2024-9537 was published Oct 18, 2024
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed
CVE-2024-23629 was published Jan 26, 2024
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an... Critical Unreviewed
CVE-2024-47967 was published Oct 7, 2024
An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute... Critical Unreviewed
CVE-2024-23742 was published Jan 28, 2024
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable... Critical Unreviewed
CVE-2024-25714 was published Feb 11, 2024
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality.... Critical Unreviewed
CVE-2024-10118 was published Oct 18, 2024
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries... Critical Unreviewed
CVE-2024-9264 was published Oct 18, 2024
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An... Critical Unreviewed
CVE-2024-10119 was published Oct 18, 2024
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque... Critical Unreviewed
CVE-2024-49195 was published Oct 15, 2024
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-48153 was published Oct 14, 2024
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the... Critical Unreviewed
CVE-2024-4320 was published Jun 6, 2024
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when... Critical Unreviewed
CVE-2021-20204 was published May 24, 2022
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application,... Critical Unreviewed
CVE-2024-3033 was published Jun 6, 2024
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which... Critical Unreviewed
CVE-2024-48180 was published Oct 16, 2024
An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker... Critical Unreviewed
CVE-2024-48779 was published Oct 15, 2024
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code... Critical Unreviewed
CVE-2024-2360 was published Jun 6, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows... Critical Unreviewed
CVE-2024-2362 was published Jun 6, 2024
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege... Critical Unreviewed
CVE-2023-28805 was published Oct 23, 2023
Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program... Critical Unreviewed
CVE-2024-49314 was published Oct 17, 2024
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in... Critical Unreviewed
CVE-2024-49217 was published Oct 17, 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-49246 was published Oct 17, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This... Critical Unreviewed
CVE-2024-49291 was published Oct 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database