Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,218 advisories

Loading
PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-39469 was published May 3, 2024
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary... High Unreviewed
CVE-2024-29309 was published May 2, 2024
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da... High Unreviewed
CVE-2024-31823 was published Apr 29, 2024
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the... High Unreviewed
CVE-2024-32492 was published Apr 29, 2024
Flowise vulnerable to code injection via api/v1 High
CVE-2024-31621 was published for flowise (npm) Apr 29, 2024
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a... High Unreviewed
CVE-2024-32406 was published Apr 26, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows... High Unreviewed
CVE-2024-4040 was published Apr 22, 2024
A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary... High Unreviewed
CVE-2024-28699 was published Apr 22, 2024
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code... High Unreviewed
CVE-2023-44857 was published Apr 12, 2024
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run... High Unreviewed
CVE-2024-22722 was published Apr 11, 2024
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers... High Unreviewed
CVE-2024-25376 was published Apr 11, 2024
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute... High Unreviewed
CVE-2024-29399 was published Apr 11, 2024
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and... High Unreviewed
CVE-2024-26362 was published Apr 10, 2024
An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code... High Unreviewed
CVE-2024-30565 was published Apr 4, 2024
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code... High Unreviewed
CVE-2024-27705 was published Apr 4, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery... High Unreviewed
CVE-2024-27191 was published Apr 3, 2024
The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android... High Unreviewed
CVE-2024-23727 was published Mar 28, 2024
Authenticated List control client can execute the LINQ query in SCM Server to present event as... High Unreviewed
CVE-2024-2097 was published Mar 27, 2024
SCM Software is a client and server application. An Authenticated System manager client can... High Unreviewed
CVE-2024-0400 was published Mar 27, 2024
ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific... High Unreviewed
CVE-2024-23755 was published Mar 24, 2024
Server Side Template Injection (SSTI) via Twig escape handler High
CVE-2024-28119 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Server Side Template Injection (SSTI) High
CVE-2024-28118 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
ProTip! Advisories are also available from the GraphQL API