GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,466 advisories
Filter by severity
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP...
Critical
Unreviewed
CVE-2024-37228
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software...
Critical
Unreviewed
CVE-2024-37109
was published
Jun 24, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM...
Critical
Unreviewed
CVE-2024-5683
was published
Jun 24, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded...
High
Unreviewed
CVE-2024-38319
was published
Jun 22, 2024
XWiki Platform allows remote code execution from user account
Critical
CVE-2024-37899
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 20, 2024
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the...
Unknown
Unreviewed
CVE-2024-1577
was published
Jun 12, 2024
Vulnerability discovered by executing a planned security audit.
Improper Control of Generation...
High
Unreviewed
CVE-2024-34761
was published
Jun 10, 2024
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to...
High
Unreviewed
CVE-2024-4889
was published
Jun 6, 2024
Privilege Escalation & SQL Injection in TYPO3 CMS
High
GHSA-7qwg-fcpw-xg5g
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 Remote Code Execution in third party library swiftmailer
High
GHSA-g4pf-3jvq-2gcw
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS
Critical
GHSA-67wg-6j7r-mqh8
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks...
Critical
Unreviewed
CVE-2024-25600
was published
Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution
High
CVE-2024-36120
was published
for
js-deobfuscator
(npm)
Jun 4, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High
CVE-2014-6072
was published
for
symfony/symfony
(Composer)
May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle
High
CVE-2014-4931
was published
for
symfony/framework-bundle
(Composer)
May 30, 2024
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
High
CVE-2024-35226
was published
for
smarty/smarty
(Composer)
May 29, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
High
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
litellm passes untrusted data to `eval` function without sanitization
High
CVE-2024-4264
was published
for
litellm
(pip)
May 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify...
Critical
Unreviewed
CVE-2024-33644
was published
May 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code...
Critical
Unreviewed
CVE-2023-23645
was published
May 17, 2024
ProTip!
Advisories are also available from the
GraphQL API