Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

4,005 advisories

Loading
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso... Critical Unreviewed
CVE-2024-52427 was published Nov 18, 2024
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2024-10899 was published Nov 20, 2024
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of... Critical Unreviewed
CVE-2024-50636 was published Nov 12, 2024
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary... Critical Unreviewed
CVE-2023-29382 was published Jul 6, 2023
xalpha vulnerable to Remote Code Execution Critical
CVE-2023-37659 was published for xalpha (pip) Jul 11, 2023
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers Critical
CVE-2009-0668 was published for ZODB3 (pip) May 2, 2022
Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a... High Unreviewed
CVE-2024-50804 was published Nov 18, 2024
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of... Critical Unreviewed
CVE-2024-50919 was published Nov 18, 2024
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup... High Unreviewed
CVE-2024-52945 was published Nov 18, 2024
Code injection in ymlref Critical
CVE-2018-20133 was published for ymlref (pip) Dec 19, 2018
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7... High Unreviewed
CVE-2024-11038 was published Nov 19, 2024
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-11036 was published Nov 19, 2024
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
TDQM Arbitrary Code Execution High
CVE-2016-10075 was published for tqdm (pip) May 14, 2022
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input Moderate
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
GitHub Actions Script Injection in `ultralytics/actions` High
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
Nuxt vulnerable to remote code execution via the browser when running the test locally Critical
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader High
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
langchain-experimental vulnerable to Arbitrary Code Execution Critical
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
Arbitrary Code Execution in Pillow Critical
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
nuxt Code Injection vulnerability Critical
CVE-2023-3224 was published for nuxt (npm) Jun 13, 2023
danielroe OhB00
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database