Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

76 advisories

Loading
dom-iterator code execution vulnerability Moderate
CVE-2024-21541 was published for dom-iterator (npm) Nov 13, 2024
Langflow vulnerable to remote code execution Moderate
CVE-2024-48061 was published for langflow (pip) Nov 5, 2024
CycloneDX cdxgen may execute code contained within build-related files Moderate
CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
Flair allows arbitrary code execution Moderate
CVE-2024-10073 was published for flair (pip) Oct 17, 2024
m3t3kh4n
Composio Code Injection Vulnerability Moderate
CVE-2024-8864 was published for composio-core (pip) Sep 16, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input Moderate
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
kubevirt allows a local attacker to execute arbitrary code via a crafted command Moderate
CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) May 2, 2024
Code injection in Apache Zeppelin Shell Moderate
CVE-2024-31861 was published for org.apache.zeppelin:zeppelin-shell (Maven) Apr 11, 2024
raboof
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
Cross-site Scripting in Moodle Chat Moderate
CVE-2024-28593 was published for moodle/moodle (Composer) Mar 22, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
Privilege escalation for users that can access mock configuration Moderate
CVE-2023-6395 was published for templated_dictionary (pip) Jan 16, 2024
ShifuML shifu code injection vulnerability Moderate
CVE-2023-7148 was published for ml.shifu:shifu (Maven) Dec 29, 2023
Named path parameters can be overridden in TrieRouter Moderate
CVE-2023-50710 was published for hono (npm) Dec 15, 2023
October CMS safe mode bypass using Page template injection Moderate
CVE-2023-44381 was published for october/system (Composer) Nov 29, 2023
whatev3n
Moodle Code Injection vulnerability Moderate
CVE-2023-5550 was published for moodle/moodle (Composer) Nov 9, 2023
ProTip! Advisories are also available from the GraphQL API