GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,885
Composer 4,266
Erlang 31
GitHub Actions 21
Go 2,040
Maven 5,220
npm 3,732
NuGet 662
pip 3,413
Pub 12
RubyGems 891
Rust 866
Swift 36

Unreviewed advisories

All unreviewed 238,003

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

496 advisories

Filter by severity

Sort by

Least recently updated

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()... Critical Unreviewed

CVE-2024-21577 was published Dec 13, 2024

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in... Critical Unreviewed

CVE-2024-21576 was published Dec 13, 2024

The issue stems from a missing validation of the pip field in a POST request sent to the ... Critical Unreviewed

CVE-2024-21574 was published Dec 12, 2024

From the VSPC management agent machine, under condition that the management agent is authorized... Critical Unreviewed

CVE-2024-42448 was published Dec 12, 2024

Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php... Critical Unreviewed

CVE-2022-38946 was published Dec 9, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro... Critical Unreviewed

CVE-2024-51815 was published Dec 6, 2024

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT... Critical Unreviewed

CVE-2024-48840 was published Dec 5, 2024

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB... Critical Unreviewed

CVE-2024-48839 was published Dec 5, 2024

An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the... Critical Unreviewed

CVE-2024-48453 was published Dec 4, 2024

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the... Critical Unreviewed

CVE-2024-36622 was published Nov 29, 2024

The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is... Critical Unreviewed

CVE-2024-8672 was published Nov 28, 2024

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at... Critical Unreviewed

CVE-2024-53920 was published Nov 27, 2024

A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID... Critical Unreviewed

CVE-2024-53604 was published Nov 27, 2024

A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in... Critical Unreviewed

CVE-2024-52959 was published Nov 27, 2024

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard... Critical Unreviewed

CVE-2024-51367 was published Nov 21, 2024

H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm... Critical Unreviewed

CVE-2024-52765 was published Nov 20, 2024

Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of... Critical Unreviewed

CVE-2024-10094 was published Nov 20, 2024

Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of... Critical Unreviewed

CVE-2024-50919 was published Nov 18, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic... Critical Unreviewed

CVE-2024-52434 was published Nov 18, 2024

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso... Critical Unreviewed

CVE-2024-52427 was published Nov 18, 2024

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP... Critical Unreviewed

CVE-2024-44758 was published Nov 15, 2024

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of... Critical Unreviewed

CVE-2024-50636 was published Nov 12, 2024

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for... Critical Unreviewed

CVE-2024-46962 was published Nov 11, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics... Critical Unreviewed

CVE-2024-10035 was published Nov 4, 2024

Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed

CVE-2024-48359 was published Oct 31, 2024

Previous 1 2 3 4 5 … 19 20 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

496 advisories