Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

330 advisories

Loading
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
Flowise Path Injection at /api/v1/openai-assistants-file High
CVE-2024-36420 was published for flowise (npm) Aug 5, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) Moderate
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
Ankitects Anki arbitrary script execution vulnerability Critical
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable High
CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins High
CVE-2024-41122 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution High
CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
hyperreality
dbt has an implicit override for built-in materializations from installed packages Moderate
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster
Apache Airflow Potential Cross-site Scripting Vulnerability Moderate
CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024
Apache Wicket: Remote code execution via XSLT injection High
CVE-2024-36522 was published for org.apache.wicket:wicket-util (Maven) Jul 12, 2024
westonsteimel
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter High
GHSA-cxf7-m5g2-v594 was published for zendframework/zend-mail (Composer) Jun 7, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter Moderate
GHSA-gff2-p6vm-3p8g was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities Moderate
GHSA-mg7h-9qfx-4r83 was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc` High
GHSA-jq87-2wxp-8349 was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/framework code execution vulnerability High
GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
Ghost allows CSV Injection during member CSV export High
CVE-2024-34448 was published for @tryghost/members-csv (npm) May 22, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
ProTip! Advisories are also available from the GraphQL API