GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
662 advisories
Filter by severity
Drupal core Remote Code Execution
Critical
GHSA-jf8c-36vw-98x4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-7v68-3pr5-h3cr
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-6mgp-v5cm-ghg5
was published
for
drupal/core
(Composer)
May 15, 2024
An issue was identified in the Identity Security Cloud (ISC) Transform preview and...
Critical
Unreviewed
CVE-2024-3319
was published
May 15, 2024
An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to...
Critical
Unreviewed
CVE-2024-33294
was published
May 6, 2024
CraftBeerPi 4 allows arbitrary code execution
Critical
CVE-2024-3955
was published
for
cbpi4
(pip)
May 2, 2024
An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted...
Critical
Unreviewed
CVE-2024-33445
was published
Apr 29, 2024
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da...
Critical
Unreviewed
CVE-2024-31822
was published
Apr 29, 2024
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0...
Critical
Unreviewed
CVE-2024-32491
was published
Apr 29, 2024
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a...
Critical
Unreviewed
CVE-2024-22633
was published
Apr 26, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced...
Critical
Unreviewed
CVE-2024-31266
was published
Apr 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti...
Critical
Unreviewed
CVE-2024-22144
was published
Apr 25, 2024
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7602
was published
for
drupal/core
(Composer)
Apr 23, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
MySQL2 for Node Arbitrary Code Injection
Critical
CVE-2024-21511
was published
for
mysql2
(npm)
Apr 23, 2024
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute...
Critical
Unreviewed
CVE-2024-30923
was published
Apr 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy...
Critical
Unreviewed
CVE-2024-32599
was published
Apr 18, 2024
Keras code injection vulnerability
Critical
CVE-2024-3660
was published
for
keras
(pip)
Apr 16, 2024
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit...
Critical
Unreviewed
CVE-2024-24486
was published
Apr 15, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Critical
CVE-2024-21508
was published
for
mysql2
(npm)
Apr 11, 2024
WWBN AVideo Remote Code Execution
Critical
CVE-2024-31819
was published
for
wwbn/avideo
(Composer)
Apr 10, 2024
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows...
Critical
Unreviewed
CVE-2024-29500
was published
Apr 10, 2024
Aim Web API vulnerable to Remote Code Execution
Critical
CVE-2024-2195
was published
for
aim
(pip)
Apr 10, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Critical
CVE-2024-3098
was published
for
llama-index-core
(pip)
Apr 10, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
ProTip!
Advisories are also available from the
GraphQL API