Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,384 advisories

Arbitrary file deletion in litellm Moderate
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
Authentication bypass in dtale Critical
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
Local file inclusion in gradio High
CVE-2024-4941 was published for gradio (pip) Jun 6, 2024
In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows... High Unreviewed
CVE-2024-3150 was published Jun 6, 2024
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input... High Unreviewed
CVE-2024-3152 was published Jun 6, 2024
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow.... Unknown Unreviewed
CVE-2024-5171 was published Jun 5, 2024
A vulnerability in the web-based management interface of Cisco Finesse could allow an... Moderate Unreviewed
CVE-2024-20405 was published Jun 5, 2024
Arbitrary code execution in Apache Commons BeanUtils High
CVE-2014-0114 was published for commons-beanutils:commons-beanutils (Maven) Jun 10, 2020
SunBK201
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version ... Unknown Unreviewed
CVE-2024-2257 was published May 14, 2024
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6... Moderate Unreviewed
CVE-2024-23669 was published Jun 5, 2024
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
Moodle ReCAPTCHA can be bypassed on the login page Moderate
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Moodle Improper Input Validation High
CVE-2024-33999 was published for moodle/moodle (Composer) May 31, 2024
Moodle broken access control when setting calendar event type Moderate
CVE-2024-33996 was published for moodle/moodle (Composer) May 31, 2024
Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in... Moderate Unreviewed
CVE-2024-28979 was published May 1, 2024
Active Template Library Denial of Service Vulnerability High Unreviewed
CVE-2023-36585 was published Oct 10, 2023
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability High
CVE-2023-36049 was published for System.Net.Requests (NuGet) Nov 14, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability Moderate
CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023
degant
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6... High Unreviewed
CVE-2024-23668 was published Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service High Unreviewed
CVE-2024-36390 was published Jun 2, 2024
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability Critical
GHSA-jw42-5m4v-9c8g was published for NuGet.CommandLine (NuGet) Jan 9, 2024 withdrawn
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module Moderate
GHSA-4j93-fm92-rp4m was published for github.com/cosmos/cosmos-sdk (Go) Feb 21, 2024
dongsam sushiwushi
ProTip! Advisories are also available from the GraphQL API