Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

23,685 advisories

Loading
PaddlePaddle command injection in convert_shape_compare Critical
CVE-2023-52314 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in _wget_download Critical
CVE-2023-52311 was published for PaddlePaddle (pip) Jan 3, 2024
PaddlePaddle command injection in get_online_pass_interval Critical
CVE-2023-52310 was published for PaddlePaddle (pip) Jan 3, 2024
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Robbilie
WMAgent arbitrary code execution via a crafted dbs-client package Critical
CVE-2022-34558 was published for global-workqueue (pip) Jul 29, 2022
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote... Critical Unreviewed
CVE-2024-41779 was published Nov 22, 2024
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager... Critical Unreviewed
CVE-2024-52052 was published Nov 22, 2024
exotel-py 0.1.6 includes code execution backdoor inserted by a third party Critical
CVE-2022-38792 was published for exotel (pip) Aug 28, 2022
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
Backdoor in api-res-py Critical
CVE-2022-31313 was published for api-res-py (pip) Jun 9, 2022
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out... Critical Unreviewed
CVE-2018-9479 was published Nov 20, 2024
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to... Critical Unreviewed
CVE-2018-9471 was published Nov 20, 2024
Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function ... Critical Unreviewed
CVE-2024-52714 was published Nov 19, 2024
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in... Critical Unreviewed
CVE-2024-52759 was published Nov 19, 2024
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out... Critical Unreviewed
CVE-2018-9478 was published Nov 20, 2024
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
.NET Remote Code Execution Vulnerability Critical
CVE-2024-43498 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
matt-phylum
In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing... Critical Unreviewed
CVE-2018-9341 was published Nov 19, 2024
A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School... Critical Unreviewed
CVE-2024-34932 was published May 23, 2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed
CVE-2024-52434 was published Nov 18, 2024
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... Critical Unreviewed
CVE-2024-9479 was published Nov 20, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of... Critical Unreviewed
CVE-2024-10094 was published Nov 20, 2024
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege... Critical Unreviewed
CVE-2024-9478 was published Nov 20, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11311 was published Nov 18, 2024
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of... Critical Unreviewed
CVE-2024-11312 was published Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database