Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,934 advisories

Loading
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup... High Unreviewed
CVE-2024-52945 was published Nov 18, 2024
Code injection in ymlref Critical
CVE-2018-20133 was published for ymlref (pip) Dec 19, 2018
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7... High Unreviewed
CVE-2024-11038 was published Nov 19, 2024
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-11036 was published Nov 19, 2024
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
TDQM Arbitrary Code Execution High
CVE-2016-10075 was published for tqdm (pip) May 14, 2022
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
@blakeembrey/template vulnerable to code injection when attacker controls template input Moderate
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
GitHub Actions Script Injection in `ultralytics/actions` High
GHSA-7x29-qqmq-v6qc was published for ultralytics/actions (GitHub Actions) Aug 14, 2024
AdnaneKhan
Nuxt vulnerable to remote code execution via the browser when running the test locally Critical
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader High
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
langchain-experimental vulnerable to Arbitrary Code Execution Critical
CVE-2024-21513 was published for langchain-experimental (pip) Jul 15, 2024
Arbitrary Code Execution in Pillow Critical
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
nuxt Code Injection vulnerability Critical
CVE-2023-3224 was published for nuxt (npm) Jun 13, 2023
danielroe OhB00
GitPython vulnerable to Remote Code Execution due to improper user input validation Critical
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss tdunlap607
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible Moderate
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2024-9839 was published Nov 16, 2024
The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in... Moderate Unreviewed
CVE-2024-10262 was published Nov 16, 2024
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast
HEVC Video Extensions Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-21917 was published Jan 12, 2022
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique... Moderate Unreviewed
CVE-2022-21928 was published Jan 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database