GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
2,218 advisories
PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2023-39469 was published May 3, 2024

An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2024-29309 was published May 2, 2024

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da...
High | Unreviewed | CVE-2024-31823 was published Apr 29, 2024

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the...
High | Unreviewed | CVE-2024-32492 was published Apr 29, 2024

Flowise vulnerable to code injection via api/v1
High | CVE-2024-31621 was published for flowise (npm) Apr 29, 2024

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a...
High | Unreviewed | CVE-2024-32406 was published Apr 26, 2024

Heketi Arbitrary Code Execution
High | CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024

OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High | CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024

OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High | CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows...
High | Unreviewed | CVE-2024-4040 was published Apr 22, 2024

A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary...
High | Unreviewed | CVE-2024-28699 was published Apr 22, 2024

An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code...
High | Unreviewed | CVE-2023-44857 was published Apr 12, 2024

Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run...
High | Unreviewed | CVE-2024-22722 was published Apr 11, 2024

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers...
High | Unreviewed | CVE-2024-25376 was published Apr 11, 2024

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute...
High | Unreviewed | CVE-2024-29399 was published Apr 11, 2024

HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and...
High | Unreviewed | CVE-2024-26362 was published Apr 10, 2024

An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code...
High | Unreviewed | CVE-2024-30565 was published Apr 4, 2024

Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code...
High | Unreviewed | CVE-2024-27705 was published Apr 4, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery...
High | Unreviewed | CVE-2024-27191 was published Apr 3, 2024

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android...
High | Unreviewed | CVE-2024-23727 was published Mar 28, 2024

Authenticated List control client can execute the LINQ query in SCM Server to present event as...
High | Unreviewed | CVE-2024-2097 was published Mar 27, 2024

SCM Software is a client and server application. An Authenticated System manager client can...
High | Unreviewed | CVE-2024-0400 was published Mar 27, 2024

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific...
High | Unreviewed | CVE-2024-23755 was published Mar 24, 2024

Server Side Template Injection (SSTI) via Twig escape handler
High | CVE-2024-28119 was published for getgrav/grav (Composer) Mar 22, 2024

Server Side Template Injection (SSTI)
High | CVE-2024-28118 was published for getgrav/grav (Composer) Mar 22, 2024
ProTip! Advisories are also available from the GraphQL API