GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
2,218 advisories
TYPO3 Remote Code Execution in third party library swiftmailer
High | GHSA-g4pf-3jvq-2gcw was published for typo3/cms (Composer) | Jun 5, 2024

javascript-deobfuscator crafted payload can lead to code execution
High | CVE-2024-36120 was published for js-deobfuscator (npm) | Jun 4, 2024

Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High | CVE-2014-6072 was published for symfony/symfony (Composer) | May 30, 2024

Code injection in the way Symfony implements translation caching in FrameworkBundle
High | CVE-2014-4931 was published for symfony/framework-bundle (Composer) | May 30, 2024

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
High | CVE-2024-35226 was published for smarty/smarty (Composer) | May 29, 2024

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07...
High | Unreviewed | CVE-2024-33228 was published | May 22, 2024

An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition...
High | Unreviewed | CVE-2024-33225 was published | May 22, 2024

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious...
High | Unreviewed | CVE-2024-22274 was published | May 21, 2024

litellm passes untrusted data to `eval` function without sanitization
High | CVE-2024-4264 was published for litellm (pip) | May 18, 2024

RunGptLLM class in LlamaIndex has a command injection
High | CVE-2024-4181 was published for llama-index (pip) | May 16, 2024

EZsystems Remote code execution in file uploads
High | GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) | May 15, 2024

eZ Platform Object Injection in SiteAccessMatchListener
High | GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) | May 15, 2024

eZ Publish Remote code execution in file uploads
High | GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) | May 15, 2024

eZ Platform Object Injection in SiteAccessMatchListener
High | GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) | May 15, 2024

Drupal core Arbitrary PHP code execution
High | GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) | May 15, 2024

Drupal core Arbitrary PHP code execution
High | GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) | May 15, 2024

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack...
High | Unreviewed | CVE-2024-4202 was published | May 15, 2024

A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1...
High | Unreviewed | CVE-2024-3892 was published | May 15, 2024

cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
High | GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) | May 15, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command...
High | Unreviewed | CVE-2024-32350 was published | May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command...
High | Unreviewed | CVE-2024-32352 was published | May 14, 2024

An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a...
High | Unreviewed | CVE-2024-29513 was published | May 14, 2024

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to...
High | Unreviewed | CVE-2024-30973 was published | May 7, 2024
ProTip! Advisories are also available from the GraphQL API.