Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the... High Unreviewed
CVE-2024-7059 was published Nov 5, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is... High Unreviewed
CVE-2024-8048 was published Oct 9, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is... High Unreviewed
CVE-2024-8014 was published Oct 9, 2024
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code... Critical Unreviewed
CVE-2024-8015 was published Oct 9, 2024
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is... High Unreviewed
CVE-2024-6096 was published Jul 24, 2024
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Moderate Unreviewed
CVE-2024-1574 was published Jul 4, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches rob006
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel marcoroth
matt-phylum
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Critical Unreviewed
CVE-2023-6943 was published Jan 30, 2024
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to... High Unreviewed
CVE-2024-0200 was published Jan 16, 2024
In multiple locations, there is a possible way to import contacts belonging to other users due to... Moderate Unreviewed
CVE-2023-35680 was published Sep 11, 2023
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels... High Unreviewed
CVE-2023-32217 was published Jul 6, 2023
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a... High Unreviewed
CVE-2023-0460 was published Jul 6, 2023
A website could have obscured the fullscreen notification by using a URL with a scheme handled by... Moderate Unreviewed
CVE-2023-37207 was published Jul 5, 2023
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code... High Unreviewed
CVE-2023-33652 was published Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions Critical
CVE-2022-41852 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
Warxim JPLachance
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Critical
CVE-2022-41853 was published for org.hsqldb:hsqldb (Maven) Oct 6, 2022
lukaseder
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could... High Unreviewed
CVE-2022-26469 was published Sep 7, 2022
Use of Externally-Controlled Input to Select Classes or Code in Infinispan High
CVE-2019-10174 was published for org.infinispan:infinispan-core (Maven) May 24, 2022
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON)... High Unreviewed
CVE-2019-3834 was published May 24, 2022
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands... High Unreviewed
CVE-2018-5511 was published May 13, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2019-1003040 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin Critical
CVE-2019-1003041 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
westonsteimel
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and... Low Unreviewed
CVE-2004-2331 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database