Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,829
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

83 advisories

Loading
Duplicate Advisory: Plenti - Code Injection - Denial of Services Moderate
GHSA-323w-6p85-26fr was published for github.com/plentico/plenti (Go) Mar 12, 2025 withdrawn
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
lkuechler
Stage.js DOM Clobbering vulnerabilty Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Plenti - Code Injection - Denial of Services Moderate
CVE-2025-26260 was published for github.com/plentico/plenti (Go) Feb 5, 2025
ahmetak4n
dom-iterator code execution vulnerability Moderate
CVE-2024-21541 was published for dom-iterator (npm) Nov 13, 2024
Langflow vulnerable to remote code execution Moderate
CVE-2024-48061 was published for langflow (pip) Nov 5, 2024
CycloneDX cdxgen may execute code contained within build-related files Moderate
CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
prabhu
Flair allows arbitrary code execution Moderate
CVE-2024-10073 was published for flair (pip) Oct 17, 2024
m3t3kh4n
Composio Code Injection Vulnerability Moderate
CVE-2024-8864 was published for composio-core (pip) Sep 16, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input Moderate
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
kubevirt allows a local attacker to execute arbitrary code via a crafted command Moderate
CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) May 2, 2024
Code injection in Apache Zeppelin Shell Moderate
CVE-2024-31861 was published for org.apache.zeppelin:zeppelin-shell (Maven) Apr 11, 2024
raboof
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
Cross-site Scripting in Moodle Chat Moderate
CVE-2024-28593 was published for moodle/moodle (Composer) Mar 22, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database