Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
28
GitHub Actions
16
Go
1,653
Maven
4,915
npm
3,441
NuGet
594
pip
2,821
Pub
10
RubyGems
823
Rust
762
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,416 advisories

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti... Critical Unreviewed
CVE-2024-22144 was published Apr 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced... Critical Unreviewed
CVE-2024-31266 was published Apr 25, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug... Moderate Unreviewed
CVE-2024-20359 was published Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2024-29991 was published Apr 19, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy... Critical Unreviewed
CVE-2024-32599 was published Apr 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The... Unknown Unreviewed
CVE-2024-31861 was published Apr 11, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
Aim Web API vulnerable to Remote Code Execution Critical
CVE-2024-2195 was published for aim (pip) Apr 10, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution Critical
CVE-2024-3098 was published for llama-index-core (pip) Apr 10, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical
CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024
oscerd
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version... Critical Unreviewed
CVE-2023-45590 was published Apr 9, 2024
There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote... Moderate Unreviewed
CVE-2024-25706 was published Apr 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto... Critical Unreviewed
CVE-2024-25096 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL.... Critical Unreviewed
CVE-2024-24707 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery... High Unreviewed
CVE-2024-27191 was published Apr 3, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder... Critical Unreviewed
CVE-2024-31380 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance... Critical Unreviewed
CVE-2024-31390 was published Apr 3, 2024
SCM Software is a client and server application. An Authenticated System manager client can... High Unreviewed
CVE-2024-0400 was published Mar 27, 2024
ProTip! Advisories are also available from the GraphQL API