GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,752
Maven: 5,000+
npm: 4,357
NuGet: 765
pip: 4,121
Pub: 12
RubyGems: 961
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,763 advisories

GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical | CVE-2022-24439 was published for GitPython (pip) | Dec 6, 2022

Arbitrary Code Execution in underscore
Critical | CVE-2021-23358 was published for underscore (npm) | May 6, 2021

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS...
High | Unreviewed | CVE-2025-24243 was published | Apr 1, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2,...
High | Unreviewed | CVE-2024-54529 was published | Dec 12, 2024

When handling keypress events, an attacker may have been able to trick a user into bypassing the ...
High | Unreviewed | CVE-2024-11697 was published | Nov 26, 2024

Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of...
High | Unreviewed | CVE-2024-11699 was published | Nov 26, 2024

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code....
Moderate | Unreviewed | CVE-2023-39333 was published | Sep 7, 2024

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due...
Low | Unreviewed | CVE-2024-22123 was published | Aug 12, 2024

An administrator with restricted permissions can exploit the script execution functionality...
Critical | Unreviewed | CVE-2024-22116 was published | Aug 12, 2024

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly...
Moderate | Unreviewed | CVE-2024-6923 was published | Aug 1, 2024

A mismatch between allocator and deallocator could have led to memory corruption. This...
Critical | Unreviewed | CVE-2024-6602 was published | Jul 9, 2024

Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical | CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) | Mar 26, 2022

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user...
High | Unreviewed | CVE-2025-8030 was published | Jul 22, 2025

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited...
High | Unreviewed | CVE-2024-58258 was published | Jul 14, 2025

graphql allows remote code execution when loading a crafted GraphQL schema
Critical | CVE-2025-27407 was published for graphql (RubyGems) | Mar 12, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical | Unreviewed | CVE-2025-27678 was published | Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical | Unreviewed | CVE-2025-27657 was published | Mar 5, 2025

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at...
Critical | Unreviewed | CVE-2024-53920 was published | Nov 27, 2024

A bug in WebAssembly code generation could have led to a crash. It may have been possible for an...
Critical | Unreviewed | CVE-2025-1011 was published | Feb 4, 2025

A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS...
High | Unreviewed | CVE-2025-24159 was published | Jan 28, 2025

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage...
Moderate | Unreviewed | CVE-2023-6604 was published | Jan 6, 2025

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file...
Moderate | Unreviewed | CVE-2023-6601 was published | Jan 6, 2025

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute...
Critical | Unreviewed | CVE-2023-36177 was published | Jan 24, 2024

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise...
Critical | Unreviewed | CVE-2014-5401 was published | May 13, 2022

ProTip! Advisories are also available from the GraphQL API