GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
10,384 advisories
Arbitrary file deletion in litellm
Moderate • CVE-2024-4888 was published for litellm (pip) Jun 6, 2024

In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows...
High • Unreviewed • CVE-2024-3150 was published Jun 6, 2024

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input...
High • Unreviewed • CVE-2024-3152 was published Jun 6, 2024

Missing security headers in Action Pack on non-HTML responses
Moderate • CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow....
Unknown • Unreviewed • CVE-2024-5171 was published Jun 5, 2024

A vulnerability in the web-based management interface of Cisco Finesse could allow an...
Moderate • Unreviewed • CVE-2024-20405 was published Jun 5, 2024

Arbitrary code execution in Apache Commons BeanUtils
High • CVE-2014-0114 was published for commons-beanutils:commons-beanutils (Maven) Jun 10, 2020

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version ...
Unknown • Unreviewed • CVE-2024-2257 was published May 14, 2024

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
Moderate • Unreviewed • CVE-2024-23669 was published Jun 5, 2024

qdrant input validation failure
Critical • CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024

Moodle ReCAPTCHA can be bypassed on the login page
Moderate • CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024

Moodle Improper Input Validation
High • CVE-2024-33999 was published for moodle/moodle (Composer) May 31, 2024

Moodle broken access control when setting calendar event type
Moderate • CVE-2024-33996 was published for moodle/moodle (Composer) May 31, 2024

Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in...
Moderate • Unreviewed • CVE-2024-28979 was published May 1, 2024

Active Template Library Denial of Service Vulnerability
High • Unreviewed • CVE-2023-36585 was published Oct 10, 2023

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
High • CVE-2023-36049 was published for System.Net.Requests (NuGet) Nov 14, 2023

Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate • CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6...
High • Unreviewed • CVE-2024-23668 was published Jun 3, 2024

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical • CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
High • Unreviewed • CVE-2024-36390 was published Jun 2, 2024

Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Critical • GHSA-jw42-5m4v-9c8g was published for NuGet.CommandLine (NuGet) Jan 9, 2024 • withdrawn

ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Moderate • GHSA-4j93-fm92-rp4m was published for github.com/cosmos/cosmos-sdk (Go) Feb 21, 2024
ProTip! Advisories are also available from the GraphQL API.