GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,763 advisories
The Automation Scripting functionality can be exploited by attackers to run arbitrary system...
High | Unreviewed | CVE-2024-54448 was published Mar 14, 2025

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where...
Critical | Unreviewed | CVE-2025-34277 was published Oct 31, 2025

Apereo CAS code injection vulnerability
Low | CVE-2025-3984 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025

An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient...
High | Unreviewed | CVE-2025-11093 was published Nov 5, 2025

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote...
High | Unreviewed | CVE-2022-47879 was published May 12, 2023

Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical | CVE-2024-31864 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Apr 9, 2024

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE...
Moderate | Unreviewed | CVE-2025-54466 was published Aug 15, 2025

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could...
High | Unreviewed | CVE-2025-50123 was published Jul 11, 2025

yyjson has a Double Free vulnerability
High | CVE-2024-25713 was published for github.com/ibireme/yyjson (Swift) Feb 29, 2024

PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name,...
Moderate | Unreviewed | CVE-2023-51317 was published Feb 20, 2025

PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which...
Moderate | Unreviewed | CVE-2023-51331 was published Feb 20, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS...
High | Unreviewed | CVE-2024-23278 was published Mar 8, 2024

PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which...
Moderate | Unreviewed | CVE-2023-51324 was published Feb 20, 2025

PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which...
Moderate | Unreviewed | CVE-2023-51320 was published Feb 20, 2025

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute...
Critical | Unreviewed | CVE-2024-30923 was published Apr 18, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3,...
High | Unreviewed | CVE-2024-23208 was published Jan 23, 2024

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution ...
High | Unreviewed | CVE-2024-22899 was published Feb 2, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6,...
High | Unreviewed | CVE-2023-41984 was published Sep 27, 2023

setuptools vulnerable to Command Injection via package URL
High | CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024

iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.
Critical | Unreviewed | CVE-2025-50739 was published Oct 30, 2025

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute...
Moderate | Unreviewed | CVE-2023-51797 was published Apr 19, 2024

A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54...
High | Unreviewed | CVE-2025-60785 was published Nov 3, 2025

The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows....
Moderate | Unreviewed | CVE-2024-27793 was published May 14, 2024

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
High | CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024