Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

587 advisories

Loading
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
nullchilly
dom-iterator code execution vulnerability Moderate
CVE-2024-21541 was published for dom-iterator (npm) Nov 13, 2024
Moodle Remote Code Execution vulnerability High
CVE-2024-43425 was published for moodle/moodle (Composer) Nov 7, 2024
Langflow vulnerable to remote code execution Moderate
CVE-2024-48061 was published for langflow (pip) Nov 5, 2024
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
lilconfig Code Injection vulnerability High
CVE-2024-21537 was published for lilconfig (npm) Oct 31, 2024
CycloneDX cdxgen may execute code contained within build-related files Moderate
CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) High
CVE-2024-47879 was published for org.openrefine:main (Maven) Oct 24, 2024
wetneb
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
Flair allows arbitrary code execution Moderate
CVE-2024-10073 was published for flair (pip) Oct 17, 2024
m3t3kh4n
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10
Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
sqlitedict insecure deserialization vulnerability High
CVE-2024-35515 was published for sqlitedict (pip) Sep 18, 2024
Composio Code Injection Vulnerability Moderate
CVE-2024-8864 was published for composio-core (pip) Sep 16, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45851 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45846 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45847 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45849 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45850 was published for mindsdb (pip) Sep 12, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45848 was published for mindsdb (pip) Sep 12, 2024
pyload-ng vulnerable to RCE with js2py sandbox escape Critical
CVE-2024-39205 was published for pyload-ng (pip) Sep 9, 2024
Marven11
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine High
CVE-2024-45053 was published for ethyca-fides (pip) Sep 4, 2024
grmpyninja andres-torres-marroquin
adamsachs daveqnet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database