GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,798 advisories
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.
Critical, Unreviewed. CVE-2024-45186 was published Oct 2, 2024.

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Moderate, Unreviewed. CVE-2024-8254 was published Oct 2, 2024.

An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code...
Moderate, Unreviewed. CVE-2024-44744 was published Oct 1, 2024.

Installer RCE on settings file write in MyBB before 1.8.22.
Critical, Unreviewed. CVE-2020-22612 was published Sep 1, 2023.

In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows...
Moderate, Unreviewed. CVE-2024-45200 was published Sep 30, 2024.

llama-index vulnerable to arbitrary code execution
Critical. CVE-2023-39662 was published for llama-index (pip) Aug 15, 2023.

Eval injection in Supybot/Limnoria
Critical. CVE-2019-19010 was published for limnoria (pip) Nov 20, 2019.

LangChain vulnerable to code injection
Critical. CVE-2023-29374 was published for langchain (pip) Apr 5, 2023.

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Critical. CVE-2023-39631 was published for langchain (pip) Sep 1, 2023.

langchain vulnerable to arbitrary code execution
Critical. CVE-2023-36281 was published for langchain (pip) Aug 22, 2023.

A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical....
Moderate, Unreviewed. CVE-2024-9324 was published Sep 29, 2024.

LangChain vulnerable to arbitrary code execution
Critical. CVE-2023-38896 was published for langchain (pip) Aug 15, 2023.

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options...
Low, Unreviewed. CVE-2024-8258 was published Sep 10, 2024.

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises...
High, Unreviewed. CVE-2024-6983 was published Sep 27, 2024.

langchain Code Injection vulnerability
Critical. CVE-2023-36095 was published for langchain (pip) Aug 5, 2023.

LangChain vulnerable to arbitrary code execution
Critical. CVE-2023-38860 was published for langchain (pip) Aug 15, 2023.

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and...
Critical, Unreviewed. CVE-2024-6386 was published Aug 21, 2024.

WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution ...
Moderate, Unreviewed. CVE-2024-37779 was published Sep 23, 2024.

Remote command execution in promptr
High. CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024.

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an...
Critical, Unreviewed. CVE-2024-22127 was published Mar 12, 2024.

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0...
High, Unreviewed. CVE-2023-34195 was published Sep 18, 2023.

Nautobot vulnerable to remote code execution via Jinja2 template rendering
High. CVE-2023-25657 was published for nautobot (pip) Feb 22, 2023.

Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
High. CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023.

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem...
High, Unreviewed. CVE-2023-41179 was published Sep 19, 2023.