GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
464 advisories
Filter by severity
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
High
CVE-2024-46986
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to...
High
Unreviewed
CVE-2024-43388
was published
Sep 10, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
Flowise Path Injection at /api/v1/openai-assistants-file
High
CVE-2024-36420
was published
for
flowise
(npm)
Aug 5, 2024
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable...
High
Unreviewed
CVE-2024-6331
was published
Aug 4, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins
High
CVE-2024-41122
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter
High
GHSA-cxf7-m5g2-v594
was published
for
zendframework/zend-mail
(Composer)
Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
High
GHSA-jq87-2wxp-8349
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
silverstripe/framework code execution vulnerability
High
GHSA-vgxh-x8jv-hmff
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run...
High
Unreviewed
CVE-2023-46304
was published
Apr 30, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
TurboBoost Commands vulnerable to arbitrary method invocation
High
CVE-2024-28181
was published
for
@turbo-boost/commands
(RubyGems)
Mar 15, 2024
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23268
was published
Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23274
was published
Mar 8, 2024
Pimcore Host Header Injection in user invitation link
High
CVE-2024-25625
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 20, 2024
MantisBT Host Header Injection vulnerability
High
CVE-2024-23830
was published
for
mantisbt/mantisbt
(Composer)
Feb 20, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could...
High
Unreviewed
CVE-2024-22319
was published
Feb 2, 2024
ProTip!
Advisories are also available from the
GraphQL API