Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,466 advisories

Loading
vanna vulnerable to remote code execution caused by prompt injection Critical
CVE-2024-5826 was published for vanna (pip) Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely Critical
CVE-2024-5751 was published for litellm (pip) Jun 27, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP... Critical Unreviewed
CVE-2024-37228 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software... Critical Unreviewed
CVE-2024-37109 was published Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM... Critical Unreviewed
CVE-2024-5683 was published Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded... High Unreviewed
CVE-2024-38319 was published Jun 22, 2024
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the... Unknown Unreviewed
CVE-2024-1577 was published Jun 12, 2024
Vulnerability discovered by executing a planned security audit. Improper Control of Generation... High Unreviewed
CVE-2024-34761 was published Jun 10, 2024
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to... High Unreviewed
CVE-2024-4889 was published Jun 6, 2024
Privilege Escalation & SQL Injection in TYPO3 CMS High
GHSA-7qwg-fcpw-xg5g was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Remote Code Execution in third party library swiftmailer High
GHSA-g4pf-3jvq-2gcw was published for typo3/cms (Composer) Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS Critical
GHSA-67wg-6j7r-mqh8 was published for typo3/cms (Composer) Jun 5, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks... Critical Unreviewed
CVE-2024-25600 was published Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution High
CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024
SteakEnthusiast
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler High
CVE-2014-6072 was published for symfony/symfony (Composer) May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle High
CVE-2014-4931 was published for symfony/framework-bundle (Composer) May 30, 2024
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag High
CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024
TrixterTheTux
Pug allows JavaScript code execution if an application accepts untrusted input High
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
litellm passes untrusted data to `eval` function without sanitization High
CVE-2024-4264 was published for litellm (pip) May 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify... Critical Unreviewed
CVE-2024-33644 was published May 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code... Critical Unreviewed
CVE-2023-23645 was published May 17, 2024
ProTip! Advisories are also available from the GraphQL API