GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
4,119 advisories
Filter by severity
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow...
High
Unreviewed
CVE-2007-4290
was published
May 1, 2022
** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0...
High
Unreviewed
CVE-2007-5565
was published
May 1, 2022
** DISPUTED ** PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online...
High
Unreviewed
CVE-2007-5097
was published
May 1, 2022
Mongoose search injection vulnerability
Critical
CVE-2025-23061
was published
for
mongoose
(npm)
Jan 15, 2025
A improper neutralization of special elements used in a template engine [CWE-1336] in...
Moderate
Unreviewed
CVE-2023-47542
was published
Apr 9, 2024
The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a...
High
Unreviewed
CVE-2024-50954
was published
Jan 15, 2025
LlamaIndex includes an exec call for `import {cls_name}`
Critical
CVE-2024-45201
was published
for
llama-index-core
(pip)
Aug 22, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
PaddlePaddle vulnerable to remote code execution
Critical
CVE-2024-0917
was published
for
paddlepaddle
(pip)
Mar 7, 2024
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote...
High
Unreviewed
CVE-2009-1547
was published
May 2, 2022
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file...
Critical
Unreviewed
CVE-2024-54724
was published
Jan 9, 2025
The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2,...
High
Unreviewed
CVE-2009-2494
was published
May 2, 2022
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold...
High
Unreviewed
CVE-2009-2512
was published
May 2, 2022
XWiki Platform: Remote code execution as guest via DatabaseSearch
Critical
CVE-2024-31982
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution through space title and Solr space facet
Critical
CVE-2024-31984
was published
for
org.xwiki.platform:xwiki-platform-search-solr-ui
(Maven)
Apr 10, 2024
TorchGeo Remote Code Execution Vulnerability
High
CVE-2024-49048
was published
for
torchgeo
(pip)
Nov 12, 2024
Craft CMS has a potential RCE with a compromised security key
High
CVE-2025-23209
was published
for
craftcms/cms
(Composer)
Jan 21, 2025
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,...
High
Unreviewed
CVE-2012-0175
was published
May 4, 2022
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not...
High
Unreviewed
CVE-2012-0014
was published
May 4, 2022
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in...
High
Unreviewed
CVE-2024-13495
was published
Jan 22, 2025
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in...
High
Unreviewed
CVE-2024-13499
was published
Jan 22, 2025
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is...
Critical
Unreviewed
CVE-2024-42936
was published
Jan 21, 2025
An issue found in Agasio-Camera device version not specified allows a remote attacker to execute...
Critical
Unreviewed
CVE-2023-29862
was published
May 15, 2023
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
High
GHSA-j2v2-3784-vr44
was published
for
opencart/opencart
(Composer)
Dec 18, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API