GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
662 advisories
A remote code execution issue exists in HPE OneView.
Critical | Unreviewed | CVE-2023-30912 was published Oct 25, 2023
Vulnerability in the Oracle Communications Converged Application Server product of Oracle...
Critical | Unreviewed | CVE-2023-21890 was published Jan 18, 2023
django_make_app is vulnerable to Code Injection
Critical | CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker...
Critical | Unreviewed | CVE-2024-44430 was published Sep 13, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww...
Critical | Unreviewed | CVE-2024-7104 was published Sep 16, 2024
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers...
Critical | Unreviewed | CVE-2024-44466 was published Sep 11, 2024
remote code execution via git repo provider
Critical | CVE-2021-39159 was published for binderhub (pip) Aug 30, 2021
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands,...
Critical | Unreviewed | CVE-2023-30131 was published Oct 19, 2023
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a...
Critical | Unreviewed | CVE-2023-46042 was published Oct 19, 2023
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary...
Critical | Unreviewed | CVE-2023-46509 was published Oct 27, 2023
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php...
Critical | Unreviewed | CVE-2023-46010 was published Oct 25, 2023
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
Critical | Unreviewed | CVE-2024-44410 was published Sep 9, 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
Critical | Unreviewed | CVE-2024-44411 was published Sep 9, 2024
An unauthenticated remote attacker can run malicious c# code included in curve files and execute...
Critical | Unreviewed | CVE-2024-6596 was published Sep 10, 2024
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to...
Critical | Unreviewed | CVE-2024-39714 was published Sep 7, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape
Critical | GHSA-r9pp-r4xf-597r was published for pyload-ng (pip) Sep 9, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical | CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Critical | CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling...
Critical | Unreviewed | CVE-2024-45321 was published Aug 27, 2024
PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code...
Critical | Unreviewed | CVE-2023-46404 was published Nov 3, 2023
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary...
Critical | Unreviewed | CVE-2023-46980 was published Nov 3, 2023
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script...
Critical | Unreviewed | CVE-2023-46958 was published Nov 3, 2023
Code injection in stanford-parser
Critical | CVE-2023-39020 was published for edu.stanford.nlp:stanford-parser (Maven) Jul 28, 2023
Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection...
Critical | Unreviewed | CVE-2024-24091 was published Feb 8, 2024
ProTip! Advisories are also available from the GraphQL API.