GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
4,760 advisories

Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical | CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) | Mar 26, 2022

A mismatch between allocator and deallocator could have led to memory corruption. This...
Critical | Unreviewed | CVE-2024-6602 was published | Jul 9, 2024

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly...
Moderate | Unreviewed | CVE-2024-6923 was published | Aug 1, 2024

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due...
Low | Unreviewed | CVE-2024-22123 was published | Aug 12, 2024

An administrator with restricted permissions can exploit the script execution functionality...
Critical | Unreviewed | CVE-2024-22116 was published | Aug 12, 2024

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code....
Moderate | Unreviewed | CVE-2023-39333 was published | Sep 7, 2024

When handling keypress events, an attacker may have been able to trick a user into bypassing the ...
High | Unreviewed | CVE-2024-11697 was published | Nov 26, 2024

Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of...
High | Unreviewed | CVE-2024-11699 was published | Nov 26, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2,...
High | Unreviewed | CVE-2024-54529 was published | Dec 12, 2024

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS...
High | Unreviewed | CVE-2025-24243 was published | Apr 1, 2025

Arbitrary Code Execution in underscore
Critical | CVE-2021-23358 was published for underscore (npm) | May 6, 2021

GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical | CVE-2022-24439 was published for GitPython (pip) | Dec 6, 2022

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
High | CVE-2024-35226 was published for smarty/smarty (Composer) | May 29, 2024

The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows....
Moderate | Unreviewed | CVE-2024-27793 was published | May 14, 2024

A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54...
High | Unreviewed | CVE-2025-60785 was published | Nov 3, 2025

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute...
Moderate | Unreviewed | CVE-2023-51797 was published | Apr 19, 2024

iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.
Critical | Unreviewed | CVE-2025-50739 was published | Oct 30, 2025

setuptools vulnerable to Command Injection via package URL
High | CVE-2024-6345 was published for setuptools (pip) | Jul 15, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6,...
High | Unreviewed | CVE-2023-41984 was published | Sep 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3,...
High | Unreviewed | CVE-2024-23208 was published | Jan 23, 2024

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution ...
High | Unreviewed | CVE-2024-22899 was published | Feb 2, 2024

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute...
Critical | Unreviewed | CVE-2024-30923 was published | Apr 18, 2024

PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which...
Moderate | Unreviewed | CVE-2023-51324 was published | Feb 20, 2025

PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which...
Moderate | Unreviewed | CVE-2023-51320 was published | Feb 20, 2025

ProTip! Advisories are also available from the GraphQL API