GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,799; Erlang 29; GitHub Actions 16; Go 1,713; Maven 4,948; npm 3,477; NuGet 605; pip 3,006; Pub 10; RubyGems 829; Rust 774; Swift 34
Unreviewed advisories: All unreviewed 5,000+
3,446 advisories
Symfony Vulnerable to PHP Code Injection via YAML Parsing
High | CVE-2013-1348 was published for symfony/symfony (Composer) | May 17, 2022

Slim vulnerable to PHP object injection
High | CVE-2015-2171 was published for slim/slim (Composer) | May 17, 2022

DOMPDF Remote File Inclusion Vulnerability
High | CVE-2010-4879 was published for dompdf/dompdf (Composer) | May 17, 2022

qlib Deserialization of Untrusted Data vulnerability
Moderate | CVE-2021-23338 was published for pyqlib (pip) | May 24, 2022

IPython Notebook vulnerable to improper validation of the origin of websocket requests
Moderate | CVE-2014-3429 was published for ipython (pip) | May 14, 2022

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Moderate | CVE-2009-0668 was published for ZODB3 (pip) | May 2, 2022

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints...
Unknown | Unreviewed | CVE-2024-3955 was published | May 2, 2024

Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical | CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) | Apr 9, 2024

PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2023-39469 was published | May 3, 2024

Moodle calculated question type allows remote code execution by Question authors
High | CVE-2018-1133 was published for moodle/moodle (Composer) | May 13, 2022

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows...
High | Unreviewed | CVE-2024-4040 was published | Apr 22, 2024

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the...
High | Unreviewed | CVE-2024-25301 was published | Feb 14, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance...
Critical | Unreviewed | CVE-2024-31390 was published | Apr 3, 2024

Apache Hive Code Injection vulnerability
Moderate | CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) | May 3, 2024

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers EW_3.0...
Critical | Unreviewed | CVE-2023-34644 was published | Jul 31, 2023

Spring Security OAuth vulnerable to remote code execution (RCE)
Critical | CVE-2018-1260 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) | Oct 18, 2018

OpenStack Swift Unchecked user input in XML responses
High | CVE-2013-2161 was published for swift (pip) | May 14, 2022

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet:...
High | Unreviewed | CVE-2023-7101 was published | Dec 25, 2023

cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
High | GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) | May 15, 2024

A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1...
High | Unreviewed | CVE-2024-3892 was published | May 15, 2024

An issue was identified in the Identity Security Cloud (ISC) Transform preview and...
Critical | Unreviewed | CVE-2024-3319 was published | May 15, 2024

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack...
High | Unreviewed | CVE-2024-4202 was published | May 15, 2024

Drupal core Remote Code Execution
Critical | GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) | May 15, 2024

Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical | GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) | May 15, 2024

Drupal core Arbitrary PHP code execution
High | GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) | May 15, 2024

ProTip! Advisories are also available from the GraphQL API.