Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,218 advisories

Loading
TYPO3 Remote Code Execution in third party library swiftmailer High
GHSA-g4pf-3jvq-2gcw was published for typo3/cms (Composer) Jun 5, 2024
javascript-deobfuscator crafted payload can lead to code execution High
CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024
SteakEnthusiast
MLFlow improper input validation High
CVE-2024-37061 was published for mlflow (pip) Jun 4, 2024
Vanna prompt injection code execution High
CVE-2024-5565 was published for vanna (pip) May 31, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler High
CVE-2014-6072 was published for symfony/symfony (Composer) May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle High
CVE-2014-4931 was published for symfony/framework-bundle (Composer) May 30, 2024
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag High
CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024
TrixterTheTux
An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07... High Unreviewed
CVE-2024-33228 was published May 22, 2024
An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition... High Unreviewed
CVE-2024-33225 was published May 22, 2024
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious... High Unreviewed
CVE-2024-22274 was published May 21, 2024
litellm passes untrusted data to `eval` function without sanitization High
CVE-2024-4264 was published for litellm (pip) May 18, 2024
RunGptLLM class in LlamaIndex has a command injection High
CVE-2024-4181 was published for llama-index (pip) May 16, 2024
EZsystems Remote code execution in file uploads High
GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Publish Remote code execution in file uploads High
GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) May 15, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack... High Unreviewed
CVE-2024-4202 was published May 15, 2024
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1... High Unreviewed
CVE-2024-3892 was published May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command... High Unreviewed
CVE-2024-32350 was published May 14, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command... High Unreviewed
CVE-2024-32352 was published May 14, 2024
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a... High Unreviewed
CVE-2024-29513 was published May 14, 2024
An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to... High Unreviewed
CVE-2024-30973 was published May 7, 2024
ProTip! Advisories are also available from the GraphQL API