GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,768 advisories
Filter by severity
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify...
Critical
Unreviewed
CVE-2024-33644
was published
May 17, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code...
Critical
Unreviewed
CVE-2023-23645
was published
May 17, 2024
Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command...
Critical
Unreviewed
CVE-2023-48643
was published
May 16, 2024
RunGptLLM class in LlamaIndex has a command injection
High
CVE-2024-4181
was published
for
llama-index
(pip)
May 16, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-2ffv-r4r9-r8xr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
EZsystems Remote code execution in file uploads
High
GHSA-9895-26wr-4fgv
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-64vj-933f-6pm3
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Publish Remote code execution in file uploads
High
GHSA-3vwr-jj4f-h98x
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-2w9p-xxqr-h253
was published
for
ezsystems/ezplatform-kernel
(Composer)
May 15, 2024
Drupal core Arbitrary PHP code execution
High
GHSA-j66p-fvp2-fxhj
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-jf8c-36vw-98x4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal core Arbitrary PHP code execution
High
GHSA-gxxj-g9v8-w28p
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-7v68-3pr5-h3cr
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-6mgp-v5cm-ghg5
was published
for
drupal/core
(Composer)
May 15, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack...
High
Unreviewed
CVE-2024-4202
was published
May 15, 2024
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1...
High
Unreviewed
CVE-2024-3892
was published
May 15, 2024
An issue was identified in the Identity Security Cloud (ISC) Transform preview and...
Critical
Unreviewed
CVE-2024-3319
was published
May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
High
GHSA-pgj4-g5j4-cmfx
was published
for
cart2quote/module-quotation-encoded
(Composer)
May 15, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command...
High
Unreviewed
CVE-2024-32350
was published
May 14, 2024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command...
High
Unreviewed
CVE-2024-32352
was published
May 14, 2024
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory...
Moderate
Unreviewed
CVE-2024-34225
was published
May 14, 2024
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a...
High
Unreviewed
CVE-2024-29513
was published
May 14, 2024
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert...
Moderate
Unreviewed
CVE-2024-29209
was published
May 7, 2024
ProTip!
Advisories are also available from the
GraphQL API