GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
587 advisories
Filter by severity
Plone Arbitrary Code Execution via Unsafe Handling of Pickles
Critical
CVE-2007-5741
was published
for
plone
(pip)
May 1, 2022
Vanna prompt injection code execution
Critical
CVE-2024-5565
was published
for
vanna
(pip)
May 31, 2024
langchain arbitrary code execution vulnerability
Critical
CVE-2023-36258
was published
for
langchain
(pip)
Jul 3, 2023
xalpha vulnerable to Remote Code Execution
Critical
CVE-2023-37659
was published
for
xalpha
(pip)
Jul 11, 2023
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Critical
CVE-2009-0668
was published
for
ZODB3
(pip)
May 2, 2022
vault-cli contains possible RCE when reading user-defined data
Moderate
CVE-2021-43837
was published
for
vault-cli
(pip)
Dec 16, 2021
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical
CVE-2024-21534
was published
for
jsonpath-plus
(Maven)
Oct 11, 2024
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
High
CVE-2024-45053
was published
for
ethyca-fides
(pip)
Sep 4, 2024
req may send an unintended request when a malformed URL is provided
Moderate
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input
Moderate
CVE-2024-45390
was published
for
@blakeembrey/template
(npm)
Sep 3, 2024
GitHub Actions Script Injection in `ultralytics/actions`
High
GHSA-7x29-qqmq-v6qc
was published
for
ultralytics/actions
(GitHub Actions)
Aug 14, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally
Critical
CVE-2024-34344
was published
for
nuxt
(npm)
Aug 5, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
High
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
langchain-experimental vulnerable to Arbitrary Code Execution
Critical
CVE-2024-21513
was published
for
langchain-experimental
(pip)
Jul 15, 2024
Arbitrary Code Execution in Pillow
Critical
CVE-2023-50447
was published
for
Pillow
(pip)
Jan 19, 2024
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
Code injection in `saved_model_cli`
Moderate
CVE-2021-41228
was published
for
tensorflow
(pip)
Nov 10, 2021
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High
CVE-2024-52293
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
ProTip!
Advisories are also available from the
GraphQL API