Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Composio Code Injection Vulnerability Moderate
CVE-2024-8864 was published for composio-core (pip) Sep 16, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader Moderate
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
Remote Code Execution in create_conda_env function in lollms Moderate
CVE-2024-3121 was published for lollms (pip) Jun 24, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository Moderate
CVE-2024-3924 was published for text-generation (pip) Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
kubevirt allows a local attacker to execute arbitrary code via a crafted command Moderate
CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) May 2, 2024
Code injection in Apache Zeppelin Shell Moderate
CVE-2024-31861 was published for org.apache.zeppelin:zeppelin-shell (Maven) Apr 11, 2024
raboof
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
ShifuML shifu code injection vulnerability Moderate
CVE-2023-7148 was published for ml.shifu:shifu (Maven) Dec 29, 2023
Named path parameters can be overridden in TrieRouter Moderate
CVE-2023-50710 was published for hono (npm) Dec 15, 2023
October CMS safe mode bypass using Page template injection Moderate
CVE-2023-44381 was published for october/system (Composer) Nov 29, 2023
whatev3n
Moodle Code Injection vulnerability Moderate
CVE-2023-5550 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Code Injection vulnerability Moderate
CVE-2023-5539 was published for moodle/moodle (Composer) Nov 9, 2023
baserCMS Code Injection Vulnerability in Mail Form Feature Moderate
CVE-2023-43792 was published for baserproject/basercms (Composer) Oct 26, 2023
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell Moderate
CVE-2023-43651 was published for github.com/jumpserver/koko (Go) Oct 24, 2023
oskar-zeinomahmalat-sonarsource
LibreNMS Code Injection vulnerability Moderate
CVE-2023-4977 was published for librenms/librenms (Composer) Sep 15, 2023
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd Moderate
CVE-2023-39956 was published for electron (npm) Sep 6, 2023
SimonSiefke MarshallOfSound
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
aruneko
Code Injection in thorsten/phpmyfaq Moderate
CVE-2023-0792 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
ProTip! Advisories are also available from the GraphQL API