Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

807 advisories

Loading
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command... Critical Unreviewed
CVE-2024-36053 was published May 19, 2024
Zabbix server can perform command execution for configured scripts. After command is executed,... Critical Unreviewed
CVE-2024-22120 was published May 17, 2024
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may... Critical Unreviewed
CVE-2024-22476 was published May 16, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version ... Critical Unreviewed
CVE-2024-2257 was published May 14, 2024
In multiple locations, there is a possible failure to persist or enforce user restrictions due to... Critical Unreviewed
CVE-2024-23705 was published May 7, 2024
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe... Critical Unreviewed
CVE-2024-4547 was published May 6, 2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe... Critical Unreviewed
CVE-2024-4548 was published May 6, 2024
A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to... Critical Unreviewed
CVE-2024-33792 was published May 3, 2024
An Improper input validation vulnerability that could potentially lead to privilege escalation... Critical Unreviewed
CVE-2024-4142 was published May 1, 2024
In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a... Critical Unreviewed
CVE-2024-3029 was published Apr 16, 2024
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS... Critical Unreviewed
CVE-2024-3400 was published Apr 12, 2024
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an... Critical Unreviewed
CVE-2024-20758 was published Apr 10, 2024
Memory corruption while redirecting log file to any file location with any file name. Critical Unreviewed
CVE-2024-21473 was published Apr 1, 2024
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an... Critical Unreviewed
CVE-2024-2443 was published Mar 21, 2024
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve... Critical Unreviewed
CVE-2024-23717 was published Mar 11, 2024
Memory corruption in Core Services while executing the command for removing a single event listener. Critical Unreviewed
CVE-2023-28578 was published Mar 4, 2024
In wlan service, there is a possible out of bounds write due to improper input validation. This... Critical Unreviewed
CVE-2024-20017 was published Mar 4, 2024
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote... Critical Unreviewed
CVE-2024-0864 was published Feb 29, 2024
The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in... Critical Unreviewed
CVE-2023-50737 was published Feb 28, 2024
In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write... Critical Unreviewed
CVE-2024-0031 was published Feb 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database