GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
571 advisories
Filter by severity
Code injection in REDAXO
High
CVE-2024-25298
was published
for
redaxo/source
(Composer)
Feb 17, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Beetl Server-Side Template Injection vulnerability
Critical
CVE-2024-22533
was published
for
com.ibeetl:beetl-core
(Maven)
Feb 2, 2024
vantage6 remote code execution vulnerability
High
CVE-2024-21649
was published
for
vantage6
(pip)
Jan 30, 2024
Arbitrary Code Execution in Processwire
High
CVE-2023-24676
was published
for
processwire/processwire
(Composer)
Jan 24, 2024
Code execution in Embedchain
Critical
CVE-2024-23731
was published
for
embedchain
(pip)
Jan 21, 2024
Code Injection in paddlepaddle
Critical
CVE-2024-0521
was published
for
paddlepaddle
(pip)
Jan 20, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Code injection in mingSoft MCMS
High
CVE-2023-51282
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 16, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High
CVE-2024-21643
was published
for
Microsoft.IdentityModel.Protocols.SignedHttpRequest
(NuGet)
Jan 9, 2024
XWiki Remote Code Execution Vulnerability via User Registration
Critical
CVE-2024-21650
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jan 8, 2024
Apache InLong Manager Remote Code Execution vulnerability
Critical
CVE-2023-51784
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
JeecgBoot server-side template injection
Critical
CVE-2023-41544
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Dec 30, 2023
ShifuML shifu code injection vulnerability
Moderate
CVE-2023-7148
was published
for
ml.shifu:shifu
(Maven)
Dec 29, 2023
free5GC AMF denial of service vulnerability
High
CVE-2023-49391
was published
for
github.com/free5gc/amf
(Go)
Dec 22, 2023
Remote code execution/programming rights with configuration section from any user account
Critical
CVE-2023-50723
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 16, 2023
Remote code execution from account through SearchAdmin
Critical
CVE-2023-50721
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Dec 16, 2023
Named path parameters can be overridden in TrieRouter
Moderate
CVE-2023-50710
was published
for
hono
(npm)
Dec 15, 2023
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Critical
CVE-2023-49093
was published
for
org.htmlunit:htmlunit
(Maven)
Dec 4, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Critical
CVE-2023-48887
was published
for
org.jupiter-rpc:jupiter-rpc
(Maven)
Dec 2, 2023
October CMS safe mode bypass using Twig sandbox escape
Critical
CVE-2023-44382
was published
for
october/system
(Composer)
Nov 29, 2023
October CMS safe mode bypass using Page template injection
Moderate
CVE-2023-44381
was published
for
october/system
(Composer)
Nov 29, 2023
ProTip!
Advisories are also available from the
GraphQL API