Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

608 advisories

Loading
Plenti - Code Injection - Denial of Services Moderate
GHSA-mj4v-hp69-27x5 was published for github.com/plentico/plenti (Go) Feb 5, 2025
ahmetak4n
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
CycloneDX cdxgen may execute code contained within build-related files Moderate
CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
prabhu
Spring Framework has Improperly Implemented Security Check for Standard Critical
CVE-2018-1275 was published for org.springframework:spring-messaging (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Spring Framework allows applications to expose STOMP over WebSocket endpoints Critical
CVE-2018-1270 was published for org.springframework:spring-messaging (Maven) Oct 17, 2018
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast gshanbhag525
Apache RocketMQ may have remote code execution vulnerability when using update configuration function Critical
CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 6, 2023
Remote Code Execution in Spring Framework Critical
CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022
rotilho cdupuis
briandealwis
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Nov 12, 2024
XWiki Platform: Remote code execution through space title and Solr space facet Critical
CVE-2024-31984 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch Critical
CVE-2024-31982 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler High
CVE-2024-39877 was published for apache-airflow (pip) Jul 17, 2024
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
Mongoose search injection vulnerability Critical
CVE-2025-23061 was published for mongoose (npm) Jan 15, 2025
skrtheboss
Arbitrary File Read Vulnerability in Apache Dolphinscheduler High
CVE-2023-51770 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Rasa Allows Remote Code Execution via Remote Model Loading Critical
CVE-2024-49375 was published for rasa (pip) Jan 14, 2025
dom-iterator code execution vulnerability Moderate
CVE-2024-21541 was published for dom-iterator (npm) Nov 13, 2024
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution Critical
CVE-2024-31996 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 10, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet Critical
CVE-2024-31465 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
Reportlab vulnerable to remote code execution High
CVE-2023-33733 was published for reportlab (pip) Jun 5, 2023
m3t3kh4n
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database