GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

652 advisories

OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
Froxlor vulnerable to Code Injection Moderate
CVE-2022-3721 was published for froxlor/froxlor (Composer) Nov 4, 2022
Flair allows arbitrary code execution Moderate
CVE-2024-10073 was published for flair (pip) Oct 17, 2024
m3t3kh4n wnowicki
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList Critical
CVE-2024-55877 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Dec 12, 2024
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger filipeom
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository High
CVE-2025-3642 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository High
CVE-2025-3641 was published for moodle/moodle (Composer) Apr 25, 2025
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
InternLM LMDeploy code injection vulnerability Moderate
CVE-2025-3163 was published for lmdeploy (pip) Apr 3, 2025
Pycel allows code injection via a crafted formula High
CVE-2024-53924 was published for pycel (pip) Apr 17, 2025
nest allows a remote attacker to execute arbitrary code via the Content-Type header Moderate
CVE-2024-29409 was published for @nestjs/common (npm) Mar 14, 2025
aydinnyunus axi92
fperalta-INTIVE
Bundler allows attacker to inject arbitrary code via secondary Gem source Critical
CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
phpMyAdmin Code Injection vulnerability Critical
CVE-2016-5734 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
TYPO3 powermail extension has unrestricted file upload vulnerability High
CVE-2014-3947 was published for in2code/powermail (Composer) May 17, 2022
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code High
CVE-2014-3942 was published for typo3/cms (Composer) May 14, 2022
TYPO3 vulnerable to remote authenticated arbitrary code execution High
CVE-2013-4321 was published for typo3/cms (Composer) May 17, 2022
Pimcore Vulnerable to PHP Object Injection Attacks High
CVE-2014-2921 was published for pimcore/pimcore (Composer) May 17, 2022
ImpressPages CMS eval injection vulnerability High
CVE-2011-4932 was published for impresspages/impresspages (Composer) May 17, 2022
Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands High
CVE-2010-4962 was published for dmk/webkitpdf (Composer) May 17, 2022
EGroupware Code Injection vulnerability High
CVE-2010-3313 was published for egroupware/egroupware (Composer) May 17, 2022
TYPO3 PHP remote file inclusion vulnerability High
CVE-2010-1153 was published for typo3/cms (Composer) May 2, 2022
ProTip! Advisories are also available from the GraphQL API