Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator Critical
CVE-2025-50213 was published for apache-airflow-providers-snowflake (pip) Jun 26, 2025
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST... Critical Unreviewed
CVE-2024-39243 was published Jun 26, 2024
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature,... High Unreviewed
CVE-2024-51941 was published Jan 22, 2025
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions... Moderate Unreviewed
CVE-2024-9940 was published Oct 17, 2024
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't... Low Unreviewed
CVE-2016-9471 was published May 13, 2022
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS... High Unreviewed
CVE-2024-27622 was published Mar 5, 2024
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security... High Unreviewed
CVE-2023-23912 was published Feb 9, 2023
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS)... Moderate Unreviewed
CVE-2024-31806 was published Apr 8, 2024
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> Moderate
CVE-2021-32797 was published for jupyterlab (pip) Aug 23, 2021
0xDeva
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification... Moderate Unreviewed
CVE-2024-7472 was published Oct 29, 2024
rdiffweb vulnerable to Special Element Injection Moderate
CVE-2022-4721 was published for rdiffweb (pip) Dec 27, 2022
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution ... Moderate Unreviewed
CVE-2024-37779 was published Sep 23, 2024
Untrusted Query Object Evaluation in RPC API High
GHSA-64f8-pjgr-9wmr was published for surrealdb (Rust) Sep 11, 2024
RaphaelDarley
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in... High Unreviewed
CVE-2024-0801 was published Mar 13, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39227 was published Aug 6, 2024
Winter CMS Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-29686 was published for wintercms/winter (Composer) Mar 29, 2024
** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows... High Unreviewed
CVE-2022-48217 was published Jan 4, 2023
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform... High Unreviewed
CVE-2024-37570 was published Jun 9, 2024
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without... Moderate Unreviewed
CVE-2024-31812 was published Apr 8, 2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2024-31809 was published Apr 8, 2024
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an... High Unreviewed
CVE-2024-24257 was published Jul 26, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS... High Unreviewed
CVE-2024-23268 was published Mar 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database