GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
768 advisories
Filter by severity
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
Zabbix server can perform command execution for configured scripts. After command is executed,...
Critical
Unreviewed
CVE-2024-22120
was published
May 17, 2024
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may...
Critical
Unreviewed
CVE-2024-22476
was published
May 16, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-jjx7-8462-w4m4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical
Unreviewed
CVE-2024-4547
was published
May 6, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe...
Critical
Unreviewed
CVE-2024-4548
was published
May 6, 2024
An Improper input validation vulnerability that could potentially lead to privilege escalation...
Critical
Unreviewed
CVE-2024-4142
was published
May 1, 2024
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a...
Critical
Unreviewed
CVE-2024-3029
was published
Apr 16, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS...
Critical
Unreviewed
CVE-2024-3400
was published
Apr 12, 2024
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an...
Critical
Unreviewed
CVE-2024-20758
was published
Apr 10, 2024
Memory corruption while redirecting log file to any file location with any file name.
Critical
Unreviewed
CVE-2024-21473
was published
Apr 1, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
Critical
Unreviewed
CVE-2024-2443
was published
Mar 21, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
Memory corruption in Core Services while executing the command for removing a single event listener.
Critical
Unreviewed
CVE-2023-28578
was published
Mar 4, 2024
The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in...
Critical
Unreviewed
CVE-2023-50737
was published
Feb 28, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
Critical
CVE-2024-23320
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Feb 23, 2024
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below...
Critical
Unreviewed
CVE-2023-32484
was published
Feb 15, 2024
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection...
Critical
Unreviewed
CVE-2023-32462
was published
Feb 15, 2024
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and...
Critical
Unreviewed
CVE-2024-24691
was published
Feb 14, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
Critical
Unreviewed
CVE-2024-1374
was published
Feb 13, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
Critical
Unreviewed
CVE-2024-1378
was published
Feb 13, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
Critical
Unreviewed
CVE-2024-1372
was published
Feb 13, 2024
ProTip!
Advisories are also available from the
GraphQL API