Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

305 advisories

Loading
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
MTProto proxy remote code execution vulnerability High
CVE-2023-45312 was published for mtproto_proxy (Erlang) Oct 10, 2023
Economizzer host header injection vulnerability High
CVE-2023-38877 was published for gugoan/economizzer (Composer) Sep 28, 2023
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
Command injection in pagekit High
CVE-2023-41005 was published for pagekit/pagekit (Composer) Aug 29, 2023
pf4j vulnerable to remote code execution via the zippluginPath parameter High
CVE-2023-40826 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via expandIfZip method in the extract function High
CVE-2023-40828 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
pf4j vulnerable to remote code execution via loadpluginPath parameter High
CVE-2023-40827 was published for org.pf4j:pf4j (Maven) Aug 29, 2023
Code injection in ansible semaphore High
CVE-2023-39059 was published for github.com/ansible-semaphore/semaphore (Go) Aug 29, 2023
pandasai vulnerable to prompt injection High
CVE-2023-39660 was published for pandasai (pip) Aug 21, 2023
OpenNMS vulnerable to remote code execution High
CVE-2023-40313 was published for org.opennms:opennms-base-assembly (Maven) Aug 17, 2023
Apache NiFi Code Injection vulnerability High
CVE-2023-36542 was published for org.apache.nifi:nifi-cdc-mysql-bundle (Maven) Jul 29, 2023
SwiftTerm Code Injection vulnerability High
CVE-2022-23465 was published for github.com/migueldeicaza/SwiftTerm (Swift) Jul 14, 2023
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Backstage Scaffolder plugin has insecure sandbox High
CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm) Jun 21, 2023
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability High
CVE-2023-34253 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34252 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability High
CVE-2023-30179 was published for craftcms/cms (Composer) Jun 13, 2023 withdrawn
angrybrad
Apache NiFi vulnerable to Code Injection High
CVE-2023-34468 was published for org.apache.nifi:nifi-dbcp-base (Maven) Jun 12, 2023
exceptionfactory
Reportlab vulnerable to remote code execution High
CVE-2023-33733 was published for reportlab (pip) Jun 5, 2023
m3t3kh4n
Code injection in nilsteampassnet/teampass High
CVE-2023-2859 was published for nilsteampassnet/teampass (Composer) May 24, 2023
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled High
CVE-2023-32697 was published for org.xerial:sqlite-jdbc (Maven) May 23, 2023
4390c336
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database