GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
148 advisories
Filter by severity
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
High
CVE-2024-46986
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins
High
CVE-2024-41122
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
High
CVE-2024-23828
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Flowise Path Injection at /api/v1/openai-assistants-file
High
CVE-2024-36420
was published
for
flowise
(npm)
Aug 5, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
Improper Input Validation in Apache Solr
High
CVE-2019-17558
was published
for
org.apache.solr:solr-core
(Maven)
Feb 12, 2020
Apache Wicket: Remote code execution via XSLT injection
High
CVE-2024-36522
was published
for
org.apache.wicket:wicket-util
(Maven)
Jul 12, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter
High
GHSA-cxf7-m5g2-v594
was published
for
zendframework/zend-mail
(Composer)
Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
High
GHSA-jq87-2wxp-8349
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-5245
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Feb 24, 2020
Twig remote code execution in templates
High
CVE-2015-7809
was published
for
twig/twig
(Composer)
May 14, 2022
silverstripe/framework code execution vulnerability
High
GHSA-vgxh-x8jv-hmff
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
Joomla! Framework Remote Code Injection Vulnerability
High
CVE-2015-8566
was published
for
joomla/session
(Composer)
May 17, 2022
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
High
CVE-2018-6519
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
Rancher code injection via fluentd config commands
High
CVE-2019-12303
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
High
CVE-2017-17516
was published
for
rtv
(pip)
May 14, 2022
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
Composer Remote Code Execution vulnerability via web-accessible composer.phar
High
CVE-2023-43655
was published
for
composer/composer
(Composer)
Sep 29, 2023
ProTip!
Advisories are also available from the
GraphQL API