GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+
81 advisories
Filter by severity
vyper performs multiple eval of `sqrt()` argument built in
Moderate
CVE-2024-32649
was published
for
vyper
(pip)
Apr 25, 2024
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Critical
CVE-2024-31996
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Critical
CVE-2024-31465
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
Arbitrary Code Execution in Pillow
Critical
CVE-2023-50447
was published
for
Pillow
(pip)
Jan 19, 2024
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to...
Critical
Unreviewed
CVE-2024-8512
was published
Oct 30, 2024
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Moderate
GHSA-mpcw-3j5p-p99x
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
Chaosblade vulnerable to OS command execution
Critical
CVE-2023-47105
was published
for
github.com/chaosblade-io/chaosblade
(Go)
Sep 18, 2024
Refuel Autolab Eval Injection vulnerability
High
CVE-2024-27320
was published
for
refuel-autolabel
(pip)
Sep 12, 2024
Refuel Autolab Eval Injection vulnerability
High
CVE-2024-27321
was published
for
refuel-autolabel
(pip)
Sep 12, 2024
LangChain Experimental Eval Injection vulnerability
Critical
CVE-2024-46946
was published
for
langchain-experimental
(pip)
Sep 19, 2024
Guardrails has an arbitrary code execution vulnerability
High
CVE-2024-45858
was published
for
guardrails-ai
(pip)
Sep 18, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45851
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45850
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45849
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45848
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45846
was published
for
mindsdb
(pip)
Sep 12, 2024
MindsDB Eval Injection vulnerability
High
CVE-2024-45847
was published
for
mindsdb
(pip)
Sep 12, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external...
High
Unreviewed
CVE-2023-7224
was published
Jan 8, 2024
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39...
High
Unreviewed
CVE-2023-6735
was published
Jan 12, 2024
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not...
High
Unreviewed
CVE-2023-7245
was published
Feb 20, 2024
calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability...
Critical
Unreviewed
CVE-2024-39173
was published
Jul 18, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference
Critical
CVE-2024-31986
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
XWiki Remote Code Execution Vulnerability via User Registration
Critical
CVE-2024-21650
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jan 8, 2024
ProTip!
Advisories are also available from the
GraphQL API