GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,159 advisories
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
Code Injection in PHPUnit
Critical
CVE-2017-9841
was published
for
phpunit/phpunit
(Composer)
Mar 26, 2022
WhoDB has a path traversal opening Sqlite3 database
Critical
CVE-2025-24786
was published
for
github.com/clidey/whodb/core
(Go)
Feb 6, 2025
org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
Critical
CVE-2023-29507
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 12, 2023
Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
Critical
CVE-2025-24981
was published
for
@nuxtjs/mdc
(npm)
Feb 6, 2025
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Critical
CVE-2024-23346
was published
for
pymatgen
(pip)
Feb 21, 2024
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
Critical
GHSA-9x4v-xfq5-m8x5
was published
for
better-auth
(npm)
Feb 5, 2025
GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions
Critical
CVE-2024-36404
was published
for
org.geotools.xsd:gt-xsd-core
(Maven)
Feb 5, 2025
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Critical
CVE-2025-24964
was published
for
vitest
(npm)
Feb 4, 2025
Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
Critical
CVE-2025-24370
was published
for
django-unicorn
(pip)
Feb 3, 2025
Spring Framework has Improperly Implemented Security Check for Standard
Critical
CVE-2018-1275
was published
for
org.springframework:spring-messaging
(Maven)
Oct 17, 2018
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Critical
CVE-2024-45337
was published
for
golang.org/x/crypto
(Go)
Dec 11, 2024
General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches
Critical
GHSA-vpxm-cr3r-pjp9
was published
for
org.openmrs.module:addresshierarchy
(Maven)
Jan 30, 2025
Rancher Webhook is misconfigured during upgrade process
Critical
CVE-2023-22651
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2023
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API