Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

4,060 advisories

Loading
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote... High Unreviewed
CVE-2022-47879 was published May 12, 2023
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.... High Unreviewed
CVE-2023-24539 was published May 11, 2023
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty... High Unreviewed
CVE-2023-29400 was published May 11, 2023
An authenticated parameter injection vulnerability exists in the web-based management interface... High Unreviewed
CVE-2025-23051 was published Jan 14, 2025
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
Apache RocketMQ may have remote code execution vulnerability when using update configuration function Critical
CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 6, 2023
An issue found in Agasio-Camera device version not specified allows a remote attacker to execute... Critical Unreviewed
CVE-2023-29862 was published May 15, 2023
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is... Critical Unreviewed
CVE-2024-42936 was published Jan 21, 2025
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and... High Unreviewed
CVE-2015-1635 was published May 14, 2022
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-13499 was published Jan 22, 2025
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-13495 was published Jan 22, 2025
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not... High Unreviewed
CVE-2012-0014 was published May 4, 2022
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,... High Unreviewed
CVE-2012-0175 was published May 4, 2022
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Nov 12, 2024
XWiki Platform: Remote code execution through space title and Solr space facet Critical
CVE-2024-31984 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch Critical
CVE-2024-31982 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold... High Unreviewed
CVE-2009-2512 was published May 2, 2022
The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2,... High Unreviewed
CVE-2009-2494 was published May 2, 2022
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file... Critical Unreviewed
CVE-2024-54724 was published Jan 9, 2025
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote... High Unreviewed
CVE-2009-1547 was published May 2, 2022
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database