Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

768 advisories

Authentication bypass in dtale Critical
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
Zabbix server can perform command execution for configured scripts. After command is executed,... Critical Unreviewed
CVE-2024-22120 was published May 17, 2024
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may... Critical Unreviewed
CVE-2024-22476 was published May 16, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe... Critical Unreviewed
CVE-2024-4547 was published May 6, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe... Critical Unreviewed
CVE-2024-4548 was published May 6, 2024
An Improper input validation vulnerability that could potentially lead to privilege escalation... Critical Unreviewed
CVE-2024-4142 was published May 1, 2024
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a... Critical Unreviewed
CVE-2024-3029 was published Apr 16, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS... Critical Unreviewed
CVE-2024-3400 was published Apr 12, 2024
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an... Critical Unreviewed
CVE-2024-20758 was published Apr 10, 2024
Memory corruption while redirecting log file to any file location with any file name. Critical Unreviewed
CVE-2024-21473 was published Apr 1, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an... Critical Unreviewed
CVE-2024-2443 was published Mar 21, 2024
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Memory corruption in Core Services while executing the command for removing a single event listener. Critical Unreviewed
CVE-2023-28578 was published Mar 4, 2024
The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in... Critical Unreviewed
CVE-2023-50737 was published Feb 28, 2024
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users Critical
CVE-2024-23320 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Feb 23, 2024
westonsteimel
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below... Critical Unreviewed
CVE-2023-32484 was published Feb 15, 2024
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection... Critical Unreviewed
CVE-2023-32462 was published Feb 15, 2024
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and... Critical Unreviewed
CVE-2024-24691 was published Feb 14, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an... Critical Unreviewed
CVE-2024-1374 was published Feb 13, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an... Critical Unreviewed
CVE-2024-1378 was published Feb 13, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an... Critical Unreviewed
CVE-2024-1372 was published Feb 13, 2024
ProTip! Advisories are also available from the GraphQL API