GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,648
Erlang: 29
GitHub Actions: 16
Go: 1,705
Maven: 4,937
npm: 3,470
NuGet: 603
pip: 2,984
Pub: 10
RubyGems: 826
Rust: 772
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
3,441 advisories

Server Side Template Injection (SSTI)
Severity: High. CVE-2024-28118 was published for getgrav/grav (Composer) on Mar 22, 2024.

Server Side Template Injection (SSTI)
Severity: High. CVE-2024-28117 was published for getgrav/grav (Composer) on Mar 22, 2024.

Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Severity: High. CVE-2024-28116 was published for getgrav/grav (Composer) on Mar 22, 2024.

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the...
Severity: Moderate (Unreviewed). CVE-2024-2016 was published on Mar 21, 2024.

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue...
Severity: Moderate (Unreviewed). CVE-2024-2497 was published on Mar 15, 2024.

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an...
Severity: Critical (Unreviewed). CVE-2024-22127 was published on Mar 12, 2024.

PaddlePaddle vulnerable to remote code execution
Severity: Critical. CVE-2024-0917 was published for paddlepaddle (pip) on Mar 7, 2024.

Budibase affected by VM2 Constructor Escape Vulnerability
Severity: Critical. GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) on Mar 1, 2024.

Nteract Remote Code Execution vulnerability
Severity: Moderate. CVE-2024-22891 was published for nteract (npm) on Mar 1, 2024.

Apache Ambari: authenticated users could perform command injection to perform RCE
Severity: High. CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) on Feb 27, 2024.

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG...
Severity: Moderate (Unreviewed). CVE-2024-1885 was published on Feb 26, 2024.

A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue...
Severity: Moderate (Unreviewed). CVE-2024-1705 was published on Feb 21, 2024.

Arbitrary File Read Vulnerability in Apache Dolphinscheduler
Severity: High. CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Feb 20, 2024.

Remote Code Execution in Apache Dolphinscheduler
Severity: High. CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Feb 20, 2024.

Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible...
Severity: Critical (Unreviewed). CVE-2024-1297 was published on Feb 20, 2024.

Script injection vulnerability in the email module. Successful exploitation of this vulnerability...
Severity: Unknown (Unreviewed). CVE-2023-52381 was published on Feb 18, 2024.

Code injection in REDAXO
Severity: High. CVE-2024-25298 was published for redaxo/source (Composer) on Feb 17, 2024.

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the...
Severity: High (Unreviewed). CVE-2024-25301 was published on Feb 14, 2024.

TYPO3 Install Tool vulnerable to Code Execution
Severity: High. CVE-2024-22188 was published for typo3/cms-core (Composer) on Feb 13, 2024.

Microsoft Outlook Remote Code Execution Vulnerability
Severity: High (Unreviewed). CVE-2024-21378 was published on Feb 13, 2024.

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an...
Severity: Critical (Unreviewed). CVE-2024-22131 was published on Feb 13, 2024.

A potential attacker with access to the Westermo Lynx device may be able to execute...
Severity: High (Unreviewed). CVE-2023-45735 was published on Feb 7, 2024.

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is...
Severity: High (Unreviewed). CVE-2023-6996 was published on Feb 6, 2024.

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay...
Severity: Moderate (Unreviewed). CVE-2023-5800 was published on Feb 5, 2024.

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a...
Severity: Moderate (Unreviewed). CVE-2023-5677 was published on Feb 5, 2024.

ProTip! Advisories are also available from the GraphQL API.