GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,481
Erlang
29
GitHub Actions
16
Go
1,695
Maven
4,936
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,425 advisories
Filter by severity
There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote...
Moderate
Unreviewed
CVE-2024-25706
was published
Apr 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL....
Critical
Unreviewed
CVE-2024-24707
was published
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto...
Critical
Unreviewed
CVE-2024-25096
was published
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance...
Critical
Unreviewed
CVE-2024-31390
was published
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery...
High
Unreviewed
CVE-2024-27191
was published
Apr 3, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate
CVE-2024-29477
was published
for
dolibarr/dolibarr
(Composer)
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder...
Critical
Unreviewed
CVE-2024-31380
was published
Apr 3, 2024
SCM Software is a client and server application. An Authenticated System manager client can...
High
Unreviewed
CVE-2024-0400
was published
Mar 27, 2024
Server Side Template Injection (SSTI) via Twig escape handler
High
CVE-2024-28119
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Server Side Template Injection (SSTI)
High
CVE-2024-28118
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Server Side Template Injection (SSTI)
High
CVE-2024-28117
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High
CVE-2024-28116
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the...
Moderate
Unreviewed
CVE-2024-2016
was published
Mar 21, 2024
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2024-2497
was published
Mar 15, 2024
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an...
Critical
Unreviewed
CVE-2024-22127
was published
Mar 12, 2024
PaddlePaddle vulnerable to remote code execution
Critical
CVE-2024-0917
was published
for
paddlepaddle
(pip)
Mar 7, 2024
Budibase affected by VM2 Constructor Escape Vulnerability
Critical
GHSA-4g2x-vq5p-5vj6
was published
for
@budibase/server
(npm)
Mar 1, 2024
Nteract Remote Code Execution vulnerability
Moderate
CVE-2024-22891
was published
for
nteract
(npm)
Mar 1, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE
High
CVE-2023-50379
was published
for
org.apache.ambari.contrib.views:ambari-contrib-views
(Maven)
Feb 27, 2024
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG...
Moderate
Unreviewed
CVE-2024-1885
was published
Feb 26, 2024
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue...
Moderate
Unreviewed
CVE-2024-1705
was published
Feb 21, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
High
CVE-2023-51770
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Remote Code Execution in Apache Dolphinscheduler
High
CVE-2023-49109
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Loomio version 2.22.0 allows executing arbitrary commands on the server.
This is possible...
Critical
Unreviewed
CVE-2024-1297
was published
Feb 20, 2024
Script injection vulnerability in the email module.Successful exploitation of this vulnerability...
Unknown
Unreviewed
CVE-2023-52381
was published
Feb 18, 2024
ProTip!
Advisories are also available from the
GraphQL API