GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
28
GitHub Actions
16
Go
1,653
Maven
4,915
npm
3,441
NuGet
594
pip
2,821
Pub
10
RubyGems
823
Rust
762
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,416 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti...
Critical
Unreviewed
CVE-2024-22144
was published
Apr 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced...
Critical
Unreviewed
CVE-2024-31266
was published
Apr 25, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug...
Moderate
Unreviewed
CVE-2024-20359
was published
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
CVE-2024-28848
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High
CVE-2024-28847
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7602
was published
for
drupal/core
(Composer)
Apr 23, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
MySQL2 for Node Arbitrary Code Injection
Critical
CVE-2024-21511
was published
for
mysql2
(npm)
Apr 23, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2024-29991
was published
Apr 19, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy...
Critical
Unreviewed
CVE-2024-32599
was published
Apr 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The...
Unknown
Unreviewed
CVE-2024-31861
was published
Apr 11, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Critical
CVE-2024-21508
was published
for
mysql2
(npm)
Apr 11, 2024
Aim Web API vulnerable to Remote Code Execution
Critical
CVE-2024-2195
was published
for
aim
(pip)
Apr 10, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Critical
CVE-2024-3098
was published
for
llama-index-core
(pip)
Apr 10, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version...
Critical
Unreviewed
CVE-2023-45590
was published
Apr 9, 2024
There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote...
Moderate
Unreviewed
CVE-2024-25706
was published
Apr 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto...
Critical
Unreviewed
CVE-2024-25096
was published
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL....
Critical
Unreviewed
CVE-2024-24707
was published
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery...
High
Unreviewed
CVE-2024-27191
was published
Apr 3, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate
CVE-2024-29477
was published
for
dolibarr/dolibarr
(Composer)
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder...
Critical
Unreviewed
CVE-2024-31380
was published
Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance...
Critical
Unreviewed
CVE-2024-31390
was published
Apr 3, 2024
SCM Software is a client and server application. An Authenticated System manager client can...
High
Unreviewed
CVE-2024-0400
was published
Mar 27, 2024
ProTip! Advisories are also available from the GraphQL API.