GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
571 advisories
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical | CVE-2024-21534 was published for jsonpath-plus (npm) | Oct 11, 2024

Remote command execution in promptr
High | CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) | Sep 25, 2024

sqlitedict insecure deserialization vulnerability
High | CVE-2024-35515 was published for sqlitedict (pip) | Sep 18, 2024

Composio Code Injection Vulnerability
Moderate | CVE-2024-8864 was published for composio-core (pip) | Sep 16, 2024

MindsDB Eval Injection vulnerability
High | CVE-2024-45851 was published for mindsdb (pip) | Sep 12, 2024

MindsDB Eval Injection vulnerability
High | CVE-2024-45849 was published for mindsdb (pip) | Sep 12, 2024

MindsDB Eval Injection vulnerability
High | CVE-2024-45847 was published for mindsdb (pip) | Sep 12, 2024

MindsDB Eval Injection vulnerability
High | CVE-2024-45850 was published for mindsdb (pip) | Sep 12, 2024

MindsDB Eval Injection vulnerability
High | CVE-2024-45848 was published for mindsdb (pip) | Sep 12, 2024

MindsDB Eval Injection vulnerability
High | CVE-2024-45846 was published for mindsdb (pip) | Sep 12, 2024

pyload-ng vulnerable to RCE with js2py sandbox escape
Critical | GHSA-r9pp-r4xf-597r was published for pyload-ng (pip) | Sep 9, 2024

Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Critical | CVE-2024-45053 was published for ethyca-fides (pip) | Sep 4, 2024

@blakeembrey/template vulnerable to code injection when attacker controls template input
High | CVE-2024-45390 was published for @blakeembrey/template (npm) | Sep 3, 2024

req may send an unintended request when a malformed URL is provided
High | CVE-2024-45258 was published for github.com/imroc/req (Go) | Aug 26, 2024

LlamaIndex includes an exec call for `import {cls_name}`
Critical | CVE-2024-45201 was published for llama-index-core (pip) | Aug 22, 2024

squirrelly Code Injection vulnerability
High | CVE-2024-40453 was published for squirrelly (npm) | Aug 21, 2024

Apache Dolphinscheduler Code Injection vulnerability
Critical | CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) | Aug 20, 2024

GitHub Actions Script Injection in `ultralytics/actions`
Critical | GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) | Aug 14, 2024

Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High | CVE-2024-42356 was published for shopware/core (Composer) | Aug 8, 2024

Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High | CVE-2024-42355 was published for shopware/core (Composer) | Aug 8, 2024

Editor.js vulnerable to Code Injection
Moderate | CVE-2022-23474 was published for @editorjs/editorjs (npm) | Aug 5, 2024

Nuxt vulnerable to remote code execution via the browser when running the test locally
High | CVE-2024-34344 was published for nuxt (npm) | Aug 5, 2024

Apache Inlong Code Injection vulnerability
High | CVE-2024-36268 was published for org.apache.inlong:tubemq-core (Maven) | Aug 2, 2024

XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical | CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) | Jul 31, 2024

XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Moderate | CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) | Jul 31, 2024

ProTip! Advisories are also available from the GraphQL API.