GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
dom-iterator code execution vulnerability
Moderate
CVE-2024-21541
was published
for
dom-iterator
(npm)
Nov 13, 2024
Langflow vulnerable to remote code execution
Moderate
CVE-2024-48061
was published
for
langflow
(pip)
Nov 5, 2024
CycloneDX cdxgen may execute code contained within build-related files
Moderate
CVE-2024-50611
was published
for
@cyclonedx/cdxgen
(npm)
Oct 28, 2024
Flair allows arbitrary code execution
Moderate
CVE-2024-10073
was published
for
flair
(pip)
Oct 17, 2024
Composio Code Injection Vulnerability
Moderate
CVE-2024-8864
was published
for
composio-core
(pip)
Sep 16, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input
Moderate
CVE-2024-45390
was published
for
@blakeembrey/template
(npm)
Sep 3, 2024
req may send an unintended request when a malformed URL is provided
Moderate
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
Editor.js vulnerable to Code Injection
Moderate
CVE-2022-23474
was published
for
@editorjs/editorjs
(npm)
Aug 5, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Moderate
CVE-2024-33394
was published
for
kubevirt.io/kubevirt
(Go)
May 2, 2024
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate
CVE-2024-29477
was published
for
dolibarr/dolibarr
(Composer)
Apr 3, 2024
Cross-site Scripting in Moodle Chat
Moderate
CVE-2024-28593
was published
for
moodle/moodle
(Composer)
Mar 22, 2024
Nteract Remote Code Execution vulnerability
Moderate
CVE-2024-22891
was published
for
nteract
(npm)
Mar 1, 2024
Privilege escalation for users that can access mock configuration
Moderate
CVE-2023-6395
was published
for
templated_dictionary
(pip)
Jan 16, 2024
ShifuML shifu code injection vulnerability
Moderate
CVE-2023-7148
was published
for
ml.shifu:shifu
(Maven)
Dec 29, 2023
Named path parameters can be overridden in TrieRouter
Moderate
CVE-2023-50710
was published
for
hono
(npm)
Dec 15, 2023
October CMS safe mode bypass using Page template injection
Moderate
CVE-2023-44381
was published
for
october/system
(Composer)
Nov 29, 2023
Moodle Code Injection vulnerability
Moderate
CVE-2023-5550
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
ProTip!
Advisories are also available from the
GraphQL API