GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
268 advisories
Filter by severity
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
High
CVE-2023-51770
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Code injection in REDAXO
High
CVE-2024-25298
was published
for
redaxo/source
(Composer)
Feb 17, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
vantage6 remote code execution vulnerability
High
CVE-2024-21649
was published
for
vantage6
(pip)
Jan 30, 2024
Arbitrary Code Execution in Processwire
High
CVE-2023-24676
was published
for
processwire/processwire
(Composer)
Jan 24, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Code injection in mingSoft MCMS
High
CVE-2023-51282
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 16, 2024
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
High
CVE-2024-21643
was published
for
Microsoft.IdentityModel.Protocols.SignedHttpRequest
(NuGet)
Jan 9, 2024
free5GC AMF denial of service vulnerability
High
CVE-2023-49391
was published
for
github.com/free5gc/amf
(Go)
Dec 22, 2023
Statamic CMS vulnerable to remote code execution via form uploads
High
CVE-2023-48217
was published
for
statamic/cms
(Composer)
Nov 14, 2023
Moodle Code Injection vulnerability
High
CVE-2023-5540
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action
High
CVE-2023-46243
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 7, 2023
Subrion remote command execution vulnerability
High
CVE-2023-46947
was published
for
intelliants/subrion
(Composer)
Nov 3, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High
CVE-2023-5044
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
High
CVE-2023-37909
was published
for
org.xwiki.platform:xwiki-platform-menu
(Maven)
Oct 25, 2023
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
MTProto proxy remote code execution vulnerability
High
CVE-2023-45312
was published
for
mtproto_proxy
(Erlang)
Oct 10, 2023
Economizzer host header injection vulnerability
High
CVE-2023-38877
was published
for
gugoan/economizzer
(Composer)
Sep 28, 2023
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
High
CVE-2023-38886
was published
for
dolibarr/dolibarr
(Composer)
Sep 20, 2023
hson-java vulnerable to denial of service
High
CVE-2023-39685
was published
for
org.hjson:hjson
(Maven)
Sep 1, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter
High
CVE-2023-40827
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function
High
CVE-2023-40828
was published
for
org.pf4j:pf4j
(Maven)
Aug 29, 2023
ProTip!
Advisories are also available from the
GraphQL API