Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

225 advisories

Loading
Code Injection in pyload-ng Critical
CVE-2023-0297 was published for pyload-ng (pip) Jan 14, 2023
nterchange Code Injection vulnerability Critical
CVE-2015-10009 was published for nonfiction/nterchange (Composer) Jan 2, 2023
vm2 vulnerable to Arbitrary Code Execution Critical
CVE-2022-25893 was published for vm2 (npm) Dec 21, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
PaddlePaddle vulnerable to Code Injection Critical
CVE-2022-46742 was published for PaddlePaddle (pip) Dec 7, 2022
ff4j is vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-44262 was published for org.ff4j:ff4j-core (Maven) Dec 1, 2022
njimenezotto tdunlap607
Zenario CMS is vulnerable to Remote Code Execution (RCE). Critical
CVE-2022-44136 was published for tribalsystems/zenario (Composer) Nov 30, 2022
tdunlap607
PaddlePaddle vulnerable to code injection via winstr Critical
CVE-2022-45908 was published for paddlepaddle (pip) Nov 26, 2022
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
Code injection in quarkus dev ui config editor Critical
CVE-2022-4116 was published for io.quarkus:quarkus-vertx-http-deployment (Maven) Nov 22, 2022
jmini
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout Critical
CVE-2022-39365 was published for pimcore/pimcore (Composer) Oct 29, 2022
nth347
Arbitrary code execution in Apache Commons Text Critical
CVE-2022-42889 was published for com.guicedee.services:commons-text (Maven) Oct 13, 2022
Moodle remote code execution Critical
CVE-2022-40314 was published for moodle/moodle (Composer) Oct 1, 2022
joblib vulnerable to arbitrary code execution Critical
CVE-2022-21797 was published for joblib (pip) Sep 27, 2022
dawookie
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability Critical
CVE-2022-36099 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Sep 16, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection Critical
CVE-2022-36100 was published for org.xwiki.platform.applications:xwiki-application-tag (Maven) Sep 16, 2022
morgan-json vulnerable to Arbitrary Code Execution Critical
CVE-2022-25921 was published for morgan-json (npm) Aug 29, 2022
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution Critical
CVE-2022-25644 was published for @pendo324/get-process-by-name (npm) Aug 29, 2022
convert-svg-core vulnerable to remote code injection Critical
CVE-2022-25759 was published for convert-svg-core (npm) Jul 23, 2022
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin Critical
CVE-2022-34113 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Code Injection in SEOmatic Critical
CVE-2021-41749 was published for nystudio107/craft-seomatic (Composer) Jun 13, 2022
Code Injection in metacalc Critical
CVE-2022-21122 was published for metacalc (npm) Jun 9, 2022
Dolibarr remote PHP code execution Critical
CVE-2021-33816 was published for dolibarr/dolibarr (Composer) May 24, 2022
SaltStack Salt Server Side Template Injection Critical
CVE-2021-25283 was published for salt (pip) May 24, 2022
Magento php object injection vulnerability Critical
CVE-2020-9664 was published for magento/core (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API