Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,648
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,984
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,441 advisories

Server Side Template Injection (SSTI) High
CVE-2024-28118 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server Side Template Injection (SSTI) High
CVE-2024-28117 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass High
CVE-2024-28116 was published for getgrav/grav (Composer) Mar 22, 2024
akabe1
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the... Moderate Unreviewed
CVE-2024-2016 was published Mar 21, 2024
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue... Moderate Unreviewed
CVE-2024-2497 was published Mar 15, 2024
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an... Critical Unreviewed
CVE-2024-22127 was published Mar 12, 2024
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
Budibase affected by VM2 Constructor Escape Vulnerability Critical
GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG... Moderate Unreviewed
CVE-2024-1885 was published Feb 26, 2024
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue... Moderate Unreviewed
CVE-2024-1705 was published Feb 21, 2024
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Remote Code Execution in Apache Dolphinscheduler High
CVE-2023-49109 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible... Critical Unreviewed
CVE-2024-1297 was published Feb 20, 2024
Script injection vulnerability in the email module.Successful exploitation of this vulnerability... Unknown Unreviewed
CVE-2023-52381 was published Feb 18, 2024
Code injection in REDAXO High
CVE-2024-25298 was published for redaxo/source (Composer) Feb 17, 2024
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the... High Unreviewed
CVE-2024-25301 was published Feb 14, 2024
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
Microsoft Outlook Remote Code Execution Vulnerability High Unreviewed
CVE-2024-21378 was published Feb 13, 2024
In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an... Critical Unreviewed
CVE-2024-22131 was published Feb 13, 2024
A potential attacker with access to the Westermo Lynx device may be able to execute... High Unreviewed
CVE-2023-45735 was published Feb 7, 2024
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is... High Unreviewed
CVE-2023-6996 was published Feb 6, 2024
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay... Moderate Unreviewed
CVE-2023-5800 was published Feb 5, 2024
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a... Moderate Unreviewed
CVE-2023-5677 was published Feb 5, 2024
ProTip! Advisories are also available from the GraphQL API