GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
qlib Deserialization of Untrusted Data vulnerability
Moderate
CVE-2021-23338
was published
for
pyqlib
(pip)
May 24, 2022
Composio Code Injection Vulnerability
Moderate
CVE-2024-8864
was published
for
composio-core
(pip)
Sep 16, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Moderate
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
Arbitrary Code Execution in blazar-dashboard
Moderate
CVE-2020-26943
was published
for
blazar-dashboard
(pip)
Oct 27, 2020
Editor.js vulnerable to Code Injection
Moderate
CVE-2022-23474
was published
for
@editorjs/editorjs
(npm)
Aug 5, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Moderate
CVE-2024-33394
was published
for
kubevirt.io/kubevirt
(Go)
May 2, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Moderate
CVE-2009-0668
was published
for
ZODB3
(pip)
May 2, 2022
Symfony Vulnerable to PHP Eval Injection
Moderate
CVE-2015-2308
was published
for
symfony/http-kernel
(Composer)
May 17, 2022
Securimage HTML Injection
Moderate
CVE-2017-14077
was published
for
dapphp/securimage
(Composer)
May 13, 2022
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate
CVE-2024-29477
was published
for
dolibarr/dolibarr
(Composer)
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') in Spring Framework
Moderate
CVE-2010-1622
was published
for
org.springframework:spring
(Maven)
May 17, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Moderate
CVE-2012-0394
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Nteract Remote Code Execution vulnerability
Moderate
CVE-2024-22891
was published
for
nteract
(npm)
Mar 1, 2024
Moodle remote code execution via quiz questions
Moderate
CVE-2014-3545
was published
for
moodle/moodle
(Composer)
May 13, 2022
Cobbler vulnerable to code injection via unsafe YAML loading
Moderate
CVE-2011-4953
was published
for
cobbler
(pip)
May 17, 2022
phpMyAdmin remote variable manipulation
Moderate
CVE-2011-2505
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API