Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,481
Erlang
29
GitHub Actions
16
Go
1,695
Maven
4,936
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,425 advisories

There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote... Moderate Unreviewed
CVE-2024-25706 was published Apr 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL.... Critical Unreviewed
CVE-2024-24707 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto... Critical Unreviewed
CVE-2024-25096 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance... Critical Unreviewed
CVE-2024-31390 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery... High Unreviewed
CVE-2024-27191 was published Apr 3, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder... Critical Unreviewed
CVE-2024-31380 was published Apr 3, 2024
SCM Software is a client and server application. An Authenticated System manager client can... High Unreviewed
CVE-2024-0400 was published Mar 27, 2024
Server Side Template Injection (SSTI) via Twig escape handler High
CVE-2024-28119 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server Side Template Injection (SSTI) High
CVE-2024-28118 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server Side Template Injection (SSTI) High
CVE-2024-28117 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass High
CVE-2024-28116 was published for getgrav/grav (Composer) Mar 22, 2024
akabe1
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the... Moderate Unreviewed
CVE-2024-2016 was published Mar 21, 2024
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue... Moderate Unreviewed
CVE-2024-2497 was published Mar 15, 2024
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an... Critical Unreviewed
CVE-2024-22127 was published Mar 12, 2024
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
Budibase affected by VM2 Constructor Escape Vulnerability Critical
GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG... Moderate Unreviewed
CVE-2024-1885 was published Feb 26, 2024
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue... Moderate Unreviewed
CVE-2024-1705 was published Feb 21, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Remote Code Execution in Apache Dolphinscheduler High
CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible... Critical Unreviewed
CVE-2024-1297 was published Feb 20, 2024
Script injection vulnerability in the email module.Successful exploitation of this vulnerability... Unknown Unreviewed
CVE-2023-52381 was published Feb 18, 2024
ProTip! Advisories are also available from the GraphQL API