GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,799
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
539 advisories
Filter by severity
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify...
Critical
Unreviewed
CVE-2024-33644
was published
May 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code...
Critical
Unreviewed
CVE-2023-23645
was published
May 17, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-2ffv-r4r9-r8xr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-jf8c-36vw-98x4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-7v68-3pr5-h3cr
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-6mgp-v5cm-ghg5
was published
for
drupal/core
(Composer)
May 15, 2024
An issue was identified in the Identity Security Cloud (ISC) Transform preview and...
Critical
Unreviewed
CVE-2024-3319
was published
May 15, 2024
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers EW_3.0...
Critical
Unreviewed
CVE-2023-34644
was published
Jul 31, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance...
Critical
Unreviewed
CVE-2024-31390
was published
Apr 3, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
Subrion CMS PHP Object Injection
Critical
CVE-2017-5543
was published
for
intelliants/subrion
(Composer)
May 14, 2022
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti...
Critical
Unreviewed
CVE-2024-22144
was published
Apr 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced...
Critical
Unreviewed
CVE-2024-31266
was published
Apr 25, 2024
Smarty PHP code injection
Critical
CVE-2017-1000480
was published
for
smarty/smarty
(Composer)
May 14, 2022
Dolibarr remote PHP code execution
Critical
CVE-2021-33816
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
yii2-redis Potential Remote code execution
Critical
CVE-2018-8073
was published
for
yiisoft/yii2-redis
(Composer)
May 14, 2022
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
Moodle remote code execution
Critical
CVE-2022-40314
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Elefant CMS PHP Code Execution Vulnerability
Critical
CVE-2018-16975
was published
for
elefant/cms
(Composer)
May 13, 2022
phpWhois arbitrary code execution via a crafted whois record
Critical
CVE-2015-5243
was published
for
brightlocal/phpwhois
(Composer)
May 14, 2022
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7602
was published
for
drupal/core
(Composer)
Apr 23, 2024
MySQL2 for Node Arbitrary Code Injection
Critical
CVE-2024-21511
was published
for
mysql2
(npm)
Apr 23, 2024
Joplin Vulnerable to Code Injection
Critical
CVE-2022-23340
was published
for
joplin
(npm)
Feb 9, 2022
Drupal PECL YAML parser unsafe object handling
Critical
CVE-2017-6920
was published
for
drupal/core
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API