GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
238 advisories
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical. CVE-2023-22621 was published for @strapi/plugin-email (npm) on Apr 19, 2023.

org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability
Critical. CVE-2023-29213 was published for org.xwiki.platform:xwiki-platform-logging-ui (Maven) on Apr 12, 2023.

Remote Code Execution for 2.4.1 and earlier
Critical. CVE-2023-36812 was published for net.opentsdb:opentsdb (Maven) on Jun 30, 2023.

Code injection via unescaped translations in xwiki-platform
Critical. CVE-2023-29510 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) on Apr 19, 2023.

XWiki Platform vulnerable to Code injection through NotificationRSSService
Critical. CVE-2023-36469 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) on Jun 30, 2023.

XWiki Platform vulnerable to Code Injection in icon themes
Critical. CVE-2023-36470 was published for org.xwiki.platform:xwiki-platform-icon-default (Maven) on Jun 30, 2023.

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user...
Critical, Unreviewed. CVE-2023-5340 was published on Nov 20, 2023.

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to...
Critical, Unreviewed. CVE-2022-3643 was published on Dec 7, 2022.

Usedesk before 1.7.57 allows chat template injection.
Critical, Unreviewed. CVE-2023-49214 was published on Nov 24, 2023.

HtmlUnit Code Injection vulnerability
Critical. CVE-2023-26119 was published for net.sourceforge.htmlunit:htmlunit (Maven) on Jul 6, 2023.

This Template Injection vulnerability allows an authenticated attacker, including one with...
Critical, Unreviewed. CVE-2023-22522 was published on Dec 6, 2023.

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell...
Critical, Unreviewed. CVE-2023-46456 was published on Dec 12, 2023.

A vulnerability has been found in Activity Log Plugin and classified as critical. This...
Critical, Unreviewed. CVE-2022-3941 was published on Nov 11, 2022.

Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized...
Critical, Unreviewed. CVE-2024-0552 was published on Jan 15, 2024.

Apache Derby: LDAP injection vulnerability in authenticator
Critical. CVE-2022-46337 was published for org.apache.derby:derby (Maven) on Nov 20, 2023.

npm package rfc6902 vulnerable to Prototype Pollution
Critical. CVE-2021-4245 was published for rfc6902 (npm) on Dec 15, 2022.

Remote Code Execution in SyliusResourceBundle
Critical. CVE-2020-15146 was published for sylius/resource-bundle (Composer) on Aug 19, 2020.

An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an...
Critical, Unreviewed. CVE-2021-3169 was published on May 24, 2022.

Remote code execution via vulnerable Symphony dependency injection
Critical. CVE-2019-8135 was published for magento/community-edition (Composer) on Nov 12, 2019.

Expression injection in AviatorScript
Critical. CVE-2021-41862 was published for com.googlecode.aviator:aviator (Maven) on Oct 4, 2021.

TWiki allows arbitrary shell command execution via the Include function
Critical, Unreviewed. CVE-2005-3056 was published on Apr 21, 2022.

Server crashes on invalid Cloud Function or Cloud Job name
Critical. CVE-2024-29027 was published for parse-server (npm) on Mar 19, 2024.

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable,...
Critical, Unreviewed. CVE-2023-29827 was published on May 4, 2023.

** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via...
Critical, Unreviewed. CVE-2015-5377 was published on May 14, 2022.

** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SIP implementation...
Critical, Unreviewed. CVE-2017-9861 was published on May 17, 2022.