Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

662 advisories

Loading
Drupal core Remote Code Execution Critical
GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
An issue was identified in the Identity Security Cloud (ISC) Transform preview and... Critical Unreviewed
CVE-2024-3319 was published May 15, 2024
An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to... Critical Unreviewed
CVE-2024-33294 was published May 6, 2024
CraftBeerPi 4 allows arbitrary code execution Critical
CVE-2024-3955 was published for cbpi4 (pip) May 2, 2024
An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted... Critical Unreviewed
CVE-2024-33445 was published Apr 29, 2024
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da... Critical Unreviewed
CVE-2024-31822 was published Apr 29, 2024
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0... Critical Unreviewed
CVE-2024-32491 was published Apr 29, 2024
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a... Critical Unreviewed
CVE-2024-22633 was published Apr 26, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced... Critical Unreviewed
CVE-2024-31266 was published Apr 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti... Critical Unreviewed
CVE-2024-22144 was published Apr 25, 2024
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute... Critical Unreviewed
CVE-2024-30923 was published Apr 18, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy... Critical Unreviewed
CVE-2024-32599 was published Apr 18, 2024
Keras code injection vulnerability Critical
CVE-2024-3660 was published for keras (pip) Apr 16, 2024
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit... Critical Unreviewed
CVE-2024-24486 was published Apr 15, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
WWBN AVideo Remote Code Execution Critical
CVE-2024-31819 was published for wwbn/avideo (Composer) Apr 10, 2024
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows... Critical Unreviewed
CVE-2024-29500 was published Apr 10, 2024
Aim Web API vulnerable to Remote Code Execution Critical
CVE-2024-2195 was published for aim (pip) Apr 10, 2024
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution Critical
CVE-2024-3098 was published for llama-index-core (pip) Apr 10, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string Critical
CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024
oscerd
ProTip! Advisories are also available from the GraphQL API