Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,552
Erlang
33
GitHub Actions
25
Go
2,220
Maven
5,000+
npm
3,890
NuGet
700
pip
3,657
Pub
12
RubyGems
913
Rust
942
Swift
38
Unreviewed advisories
All unreviewed
5,000+

230 advisories

Loading
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed
CVE-2022-31631 was published Feb 13, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed
CVE-2025-22978 was published Feb 3, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39785 was published Jan 14, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39784 was published Jan 14, 2025
A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink... Critical Unreviewed
CVE-2024-39604 was published Jan 14, 2025
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000... Critical Unreviewed
CVE-2024-36295 was published Jan 14, 2025
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink... Critical Unreviewed
CVE-2024-34544 was published Jan 14, 2025
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink... Critical Unreviewed
CVE-2024-21797 was published Jan 14, 2025
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It... Critical Unreviewed
CVE-2024-10914 was published Nov 6, 2024
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed
CVE-2024-42914 was published Aug 23, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39227 was published Aug 6, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed
CVE-2024-40324 was published Jul 25, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed
CVE-2024-39704 was published Jul 3, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed
CVE-2024-37759 was published Jun 24, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed
CVE-2024-34919 was published May 17, 2024
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed
CVE-2023-22527 was published Jan 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database