Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,799
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,446 advisories

Symphony Vulnerable to PHP Code Injection via YAML Parsing High
CVE-2013-1348 was published for symfony/symfony (Composer) May 17, 2022
Slim vulnerable to PHP object injection High
CVE-2015-2171 was published for slim/slim (Composer) May 17, 2022
DOMPDF Remote File Inclusion Vulnerability High
CVE-2010-4879 was published for dompdf/dompdf (Composer) May 17, 2022
qlib Deserialization of Untrusted Data vulnerability Moderate
CVE-2021-23338 was published for pyqlib (pip) May 24, 2022
IPython Notebook vulnerable to improper validation of the origin of websocket requests Moderate
CVE-2014-3429 was published for ipython (pip) May 14, 2022
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers Moderate
CVE-2009-0668 was published for ZODB3 (pip) May 2, 2022
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints... Unknown Unreviewed
CVE-2024-3955 was published May 2, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical
CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024
oscerd
PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-39469 was published May 3, 2024
Moodle calculated question type allows remote code execution by Question authors High
CVE-2018-1133 was published for moodle/moodle (Composer) May 13, 2022
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows... High Unreviewed
CVE-2024-4040 was published Apr 22, 2024
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the... High Unreviewed
CVE-2024-25301 was published Feb 14, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance... Critical Unreviewed
CVE-2024-31390 was published Apr 3, 2024
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers EW_3.0... Critical Unreviewed
CVE-2023-34644 was published Jul 31, 2023
Spring Security OAuth vulnerable to remote code execution (RCE) Critical
CVE-2018-1260 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
MikeMoore63 SunBK201
OpenStack Swift Unchecked user input in XML responses High
CVE-2013-2161 was published for swift (pip) May 14, 2022
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet:... High Unreviewed
CVE-2023-7101 was published Dec 25, 2023
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1... High Unreviewed
CVE-2024-3892 was published May 15, 2024
An issue was identified in the Identity Security Cloud (ISC) Transform preview and... Critical Unreviewed
CVE-2024-3319 was published May 15, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack... High Unreviewed
CVE-2024-4202 was published May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API