GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,891 advisories
Filter by severity
XWiki Platform CSRF remote code execution through scheduler job's document reference
Critical
CVE-2024-31986
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution through space title and Solr space facet
Critical
CVE-2024-31984
was published
for
org.xwiki.platform:xwiki-platform-search-solr-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Critical
CVE-2024-31983
was published
for
org.xwiki.platform:xwiki-platform-localization-source-wiki
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch
Critical
CVE-2024-31982
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Critical
CVE-2024-31981
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Critical
CVE-2024-31465
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks
Critical
GHSA-j496-crgh-34mx
was published
for
github.com/cosmos/ibc-go
(Go)
Apr 5, 2024
transpose: Buffer overflow due to integer overflow
Critical
GHSA-5gmm-6m36-r7jh
was published
for
transpose
(Rust)
Apr 5, 2024
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Critical
CVE-2021-27312
was published
for
gleez/cms
(Composer)
Apr 3, 2024
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
Cross-site scripting on application summary component
Critical
CVE-2024-28175
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access
Critical
CVE-2024-27102
was published
for
github.com/pterodactyl/wings
(Go)
Mar 15, 2024
discordrb OS Command Injection vulnerability
Critical
CVE-2023-28102
was published
for
discordrb
(RubyGems)
Mar 14, 2024
Whoogle Search Server-Side Request Forgery vulnerability
Critical
CVE-2024-22205
was published
for
whoogle-search
(pip)
Mar 14, 2024
Whoogle Search Path Traversal vulnerability
Critical
CVE-2024-22203
was published
for
whoogle-search
(pip)
Mar 14, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
CVE-2024-2044
was published
for
pgAdmin4
(pip)
Mar 7, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical
CVE-2024-28123
was published
for
wasmi
(Rust)
Mar 7, 2024
PaddlePaddle Path Traversal vulnerability
Critical
CVE-2024-0818
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle vulnerable to remote code execution
Critical
CVE-2024-0917
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
CVE-2024-0815
was published
for
paddlepaddle
(pip)
Mar 7, 2024
PaddlePaddle command injection vulnerability
Critical
CVE-2024-0817
was published
for
paddlepaddle
(pip)
Mar 7, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API