GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
93 advisories
Craft CMS has a theoretical bypass for CVE-2025-23209
Moderate
CVE-2025-54417
was published
for
craftcms/cms
(Composer)
Aug 8, 2025
Pyload log Injection via API /json/add_package in add_name parameter
Moderate
GHSA-3wwm-hjv7-23r3
was published
for
pyload-ng
(pip)
Jul 30, 2025
PrismJS DOM Clobbering vulnerability
Moderate
CVE-2024-53382
was published
for
prismjs
(npm)
Mar 3, 2025
Flair allows arbitrary code execution
Moderate
CVE-2024-10073
was published
for
flair
(pip)
Oct 17, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
nest allows a remote attacker to execute arbitrary code via the Content-Type header
Moderate
CVE-2024-29409
was published
for
@nestjs/common
(npm)
Mar 14, 2025
Plenti - Code Injection - Denial of Services
Moderate
CVE-2025-26260
was published
for
github.com/plentico/plenti
(Go)
Feb 5, 2025
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
CycloneDX cdxgen may execute code contained within build-related files
Moderate
CVE-2024-50611
was published
for
@cyclonedx/cdxgen
(npm)
Oct 28, 2024
ProTip!
Advisories are also available from the
GraphQL API