GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,449 advisories
Filter by severity
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks...
Critical
Unreviewed
CVE-2024-25600
was published
Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution
High
CVE-2024-36120
was published
for
js-deobfuscator
(npm)
Jun 4, 2024
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or...
High
Unreviewed
CVE-2024-37061
was published
Jun 4, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High
CVE-2014-6072
was published
for
symfony/symfony
(Composer)
May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle
High
CVE-2014-4931
was published
for
symfony/framework-bundle
(Composer)
May 30, 2024
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
High
CVE-2024-35226
was published
for
smarty/smarty
(Composer)
May 29, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
High
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
litellm passes untrusted data to `eval` function without sanitization
High
CVE-2024-4264
was published
for
litellm
(pip)
May 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify...
Critical
Unreviewed
CVE-2024-33644
was published
May 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code...
Critical
Unreviewed
CVE-2023-23645
was published
May 17, 2024
RunGptLLM class in LlamaIndex has a command injection
High
CVE-2024-4181
was published
for
llama-index
(pip)
May 16, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-2ffv-r4r9-r8xr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
EZsystems Remote code execution in file uploads
High
GHSA-9895-26wr-4fgv
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-64vj-933f-6pm3
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Publish Remote code execution in file uploads
High
GHSA-3vwr-jj4f-h98x
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-2w9p-xxqr-h253
was published
for
ezsystems/ezplatform-kernel
(Composer)
May 15, 2024
Drupal core Arbitrary PHP code execution
High
GHSA-j66p-fvp2-fxhj
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-jf8c-36vw-98x4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal core Arbitrary PHP code execution
High
GHSA-gxxj-g9v8-w28p
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-7v68-3pr5-h3cr
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-6mgp-v5cm-ghg5
was published
for
drupal/core
(Composer)
May 15, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack...
High
Unreviewed
CVE-2024-4202
was published
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API