Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

279 advisories

Loading
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast gshanbhag525
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Nov 12, 2024
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Reportlab vulnerable to remote code execution High
CVE-2023-33733 was published for reportlab (pip) Jun 5, 2023
m3t3kh4n
Server Side Template Injection (SSTI) via Twig escape handler High
CVE-2024-28119 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server Side Template Injection (SSTI) High
CVE-2024-28118 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server Side Template Injection (SSTI) High
CVE-2024-28117 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
.NET Remote Code Execution Vulnerability High
CVE-2022-41089 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Dec 14, 2022
tdunlap607
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
xAiluros
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
UniSharp Laravel Filemanager Code Injection vulnerability High
CVE-2024-21546 was published for unisharp/laravel-filemanager (Composer) Dec 18, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method High
CVE-2024-55661 was published for laravel/pulse (Composer) Dec 13, 2024
angelej
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization High
CVE-2024-36610 was published for symfony/var-dumper (Composer) Nov 29, 2024 withdrawn
jderusse
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
TDQM Arbitrary Code Execution High
CVE-2016-10075 was published for tqdm (pip) May 14, 2022
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
GitHub Actions Script Injection in `ultralytics/actions` High
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader High
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database