GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
597 advisories
Filter by severity
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
High
CVE-2024-39877
was published
for
apache-airflow
(pip)
Jul 17, 2024
langchain-experimental vulnerable to Arbitrary Code Execution
Critical
CVE-2024-21513
was published
for
langchain-experimental
(pip)
Jul 15, 2024
setuptools vulnerable to Command Injection via package URL
High
CVE-2024-6345
was published
for
setuptools
(pip)
Jul 15, 2024
Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Critical
GHSA-hf29-9hfh-w63j
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Critical
CVE-2024-39236
was published
for
Gradio
(pip)
Jul 1, 2024
Remote Code Execution (RCE) vulnerability in geoserver
Critical
CVE-2024-36401
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty.
Critical
CVE-2024-38993
was published
for
jsonic
(npm)
Jul 1, 2024
•
withdrawn
vanna vulnerable to remote code execution caused by prompt injection
Critical
CVE-2024-5826
was published
for
vanna
(pip)
Jun 27, 2024
litellm vulnerable to remote code execution based on using eval unsafely
Critical
CVE-2024-5751
was published
for
litellm
(pip)
Jun 27, 2024
Remote Code Execution in create_conda_env function in lollms
Moderate
CVE-2024-3121
was published
for
lollms
(pip)
Jun 24, 2024
XWiki Platform allows remote code execution from user account
Critical
CVE-2024-37899
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 20, 2024
Dolibarr arbitrary file upload vulnerability
High
CVE-2024-37821
was published
for
dolibarr/dolibarr
(Composer)
Jun 18, 2024
Badger Database Prototype Pollution
High
CVE-2024-36581
was published
for
@abw/badger-database
(npm)
Jun 17, 2024
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
Privilege Escalation & SQL Injection in TYPO3 CMS
High
GHSA-7qwg-fcpw-xg5g
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 Remote Code Execution in third party library swiftmailer
High
GHSA-g4pf-3jvq-2gcw
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS
Critical
GHSA-67wg-6j7r-mqh8
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Jan path traversal vulnerability
Critical
CVE-2024-37273
was published
for
@janhq/core
(npm)
Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution
High
CVE-2024-36120
was published
for
js-deobfuscator
(npm)
Jun 4, 2024
code injection vulnerability exists in the huggingface/text-generation-inference repository
Moderate
CVE-2024-3924
was published
for
text-generation
(pip)
Jun 2, 2024
Vanna prompt injection code execution
Critical
CVE-2024-5565
was published
for
vanna
(pip)
May 31, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High
CVE-2014-6072
was published
for
symfony/symfony
(Composer)
May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle
High
CVE-2014-4931
was published
for
symfony/framework-bundle
(Composer)
May 30, 2024
ProTip!
Advisories are also available from the
GraphQL API