Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

587 advisories

Loading
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Publish Remote code execution in file uploads High
GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
kubevirt allows a local attacker to execute arbitrary code via a crafted command Moderate
CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) May 2, 2024
CraftBeerPi 4 allows arbitrary code execution Critical
CVE-2024-3955 was published for cbpi4 (pip) May 2, 2024
Flowise vulnerable to code injection via api/v1 High
CVE-2024-31621 was published for flowise (npm) Apr 29, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
Keras code injection vulnerability Critical
CVE-2024-3660 was published for keras (pip) Apr 16, 2024
Code injection in Apache Zeppelin Shell Moderate
CVE-2024-31861 was published for org.apache.zeppelin:zeppelin-shell (Maven) Apr 11, 2024
raboof
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
WWBN AVideo Remote Code Execution Critical
CVE-2024-31819 was published for wwbn/avideo (Composer) Apr 10, 2024
Aim Web API vulnerable to Remote Code Execution Critical
CVE-2024-2195 was published for aim (pip) Apr 10, 2024
LArkema
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution Critical
CVE-2024-3098 was published for llama-index-core (pip) Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database