Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

2,346 advisories

Loading
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote... High Unreviewed
CVE-2022-47879 was published May 12, 2023
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty... High Unreviewed
CVE-2023-29400 was published May 11, 2023
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.... High Unreviewed
CVE-2023-24539 was published May 11, 2023
An authenticated parameter injection vulnerability exists in the web-based management interface... High Unreviewed
CVE-2025-23051 was published Jan 14, 2025
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and... High Unreviewed
CVE-2015-1635 was published May 14, 2022
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-13499 was published Jan 22, 2025
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-13495 was published Jan 22, 2025
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not... High Unreviewed
CVE-2012-0014 was published May 4, 2022
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,... High Unreviewed
CVE-2012-0175 was published May 4, 2022
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Nov 12, 2024
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold... High Unreviewed
CVE-2009-2512 was published May 2, 2022
The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2,... High Unreviewed
CVE-2009-2494 was published May 2, 2022
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote... High Unreviewed
CVE-2009-1547 was published May 2, 2022
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a... High Unreviewed
CVE-2024-50954 was published Jan 15, 2025
** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0... High Unreviewed
CVE-2007-5565 was published May 1, 2022
** DISPUTED ** PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online... High Unreviewed
CVE-2007-5097 was published May 1, 2022
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote... High Unreviewed
CVE-2006-3136 was published May 1, 2022
** DISPUTED ** PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9... High Unreviewed
CVE-2006-7105 was published May 1, 2022
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow... High Unreviewed
CVE-2007-4290 was published May 1, 2022
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database