Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,651
Erlang
34
GitHub Actions
26
Go
2,252
Maven
5,000+
npm
3,904
NuGet
702
pip
3,676
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
Pycel allows code injection via a crafted formula High
CVE-2024-53924 was published for pycel (pip) Apr 17, 2025
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution High
CVE-2025-31722 was published for org.jenkins-ci.plugins:templating-engine (Maven) Apr 2, 2025
LoLLMS Code Injection vulnerability High
CVE-2024-6982 was published for lollms (pip) Mar 20, 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
Duplicate Advisory: Keras arbitrary code execution vulnerability High
GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 withdrawn
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) High
CVE-2024-56334 was published for systeminformation (npm) Dec 20, 2024
xAiluros
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution High
CVE-2024-56327 was published for pyrage (pip) Dec 19, 2024
gaby woodruffw
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
UniSharp Laravel Filemanager Code Injection vulnerability High
CVE-2024-21546 was published for unisharp/laravel-filemanager (Composer) Dec 18, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method High
CVE-2024-55661 was published for laravel/pulse (Composer) Dec 13, 2024
angelej
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization High
CVE-2024-36610 was published for symfony/var-dumper (Composer) Nov 29, 2024 withdrawn
jderusse
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast gshanbhag525
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
rewhile
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Nov 12, 2024
Moodle Remote Code Execution vulnerability High
CVE-2024-43425 was published for moodle/moodle (Composer) Nov 7, 2024
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
lilconfig Code Injection vulnerability High
CVE-2024-21537 was published for lilconfig (npm) Oct 31, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database