GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
290 advisories
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
Critical
CVE-2025-12762
was published
for
pgadmin4
(pip)
Nov 13, 2025
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
Arbitrary Code Execution in underscore
Critical
CVE-2021-23358
was published
for
underscore
(npm)
May 6, 2021
graphql allows remote code execution when loading a crafted GraphQL schema
Critical
CVE-2025-27407
was published
for
graphql
(RubyGems)
Mar 12, 2025
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Critical
CVE-2025-59823
was published
for
github.com/gardener/gardener-extension-provider-aws
(Go)
Sep 25, 2025
Apache Struts Remote Java Code Execution
Critical
CVE-2012-0391
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Critical
CVE-2022-22963
was published
for
org.springframework.cloud:spring-cloud-function-context
(Maven)
Apr 3, 2022
Improper Control of Generation of Code ('Code Injection') in jai-ext
Critical
CVE-2022-24816
was published
for
it.geosolutions.jaiext.jiffle:jt-jiffle
(Maven)
Sep 19, 2023
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
Code Injection in PHPUnit
Critical
CVE-2017-9841
was published
for
phpunit/phpunit
(Composer)
Mar 26, 2022
Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
•
withdrawn
FlowiseAI Pre-Auth Arbitrary Code Execution
Critical
CVE-2025-57164
was published
for
flowise
(npm)
Sep 15, 2025
ProTip!
Advisories are also available from the
GraphQL API