GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
280 advisories
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Critical. CVE-2023-32692 was published for codeigniter4/framework (Composer) on May 22, 2023

jsreport vulnerable to code injection
Critical. CVE-2023-2583 was published for jsreport (npm) on May 8, 2023

org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation
Critical. CVE-2023-30537 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) on Apr 12, 2023

org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical. CVE-2023-29509 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) on Apr 12, 2023

org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
Critical. CVE-2023-29214 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) on Apr 12, 2023

xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
Critical. CVE-2023-29212 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) on Apr 12, 2023

org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability
Critical. CVE-2023-29211 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) on Apr 12, 2023

org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability
Critical. CVE-2023-29210 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) on Apr 12, 2023

org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability
Critical. CVE-2023-29209 was published for org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro (Maven) on Apr 12, 2023

Apache Airflow Hive Provider vulnerable to code injection
Critical. CVE-2023-28706 was published for apache-airflow-providers-apache-hive (pip) on Apr 7, 2023

LangChain vulnerable to code injection
Critical. CVE-2023-29374 was published for langchain (pip) on Apr 5, 2023

Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Critical. CVE-2023-28333 was published for moodle/moodle (Composer) on Mar 23, 2023

builderio/qwik is vulnerable to code injection
Critical. CVE-2023-1283 was published for @builder.io/qwik (npm) on Mar 9, 2023

Remote code execution in Funadmin
Critical. CVE-2023-24776 was published for funadmin/funadmin (Composer) on Mar 6, 2023

Moodle Session Fixation vulnerability
Critical. CVE-2021-36394 was published for moodle/moodle (Composer) on Mar 6, 2023

org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical. CVE-2023-26477 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) on Mar 3, 2023

Code injection in pdf_info
Critical. CVE-2022-36231 was published for pdf_info (RubyGems) on Feb 24, 2023

Code Injection in thorsten/phpmyfaq
Critical. CVE-2023-0788 was published for thorsten/phpmyfaq (Composer) on Feb 12, 2023

Remote code execution in simple-git
Critical. CVE-2022-25860 was published for simple-git (npm) on Jan 26, 2023

Remote Code Execution in com.bstek.uflo:uflo-core
Critical. CVE-2022-25894 was published for com.bstek.uflo:uflo-core (Maven) on Jan 26, 2023

Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical. CVE-2023-22731 was published for shopware/core (Composer) on Jan 17, 2023

nterchange Code Injection vulnerability
Critical. CVE-2015-10009 was published for nonfiction/nterchange (Composer) on Jan 2, 2023

vm2 vulnerable to Arbitrary Code Execution
Critical. CVE-2022-25893 was published for vm2 (npm) on Dec 21, 2022

ProTip! Advisories are also available from the GraphQL API.