GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on...
Moderate
Unreviewed
CVE-2024-2537
was published
Mar 15, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross...
Moderate
Unreviewed
CVE-2023-6184
was published
Jan 18, 2024
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable...
High
Unreviewed
CVE-2023-31032
was published
Jan 12, 2024
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically...
Critical
Unreviewed
CVE-2023-43177
was published
Nov 18, 2023
Eclipse Glassfish remote code execution issue
Moderate
CVE-2023-5763
was published
for
org.glassfish.main.orb:orb-connector
(Maven)
Nov 3, 2023
TorchServe Pre-Auth Remote Code Execution
Critical
GHSA-4mqg-h5jf-j9m7
was published
for
torchserve
(pip)
Oct 2, 2023
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the...
Moderate
Unreviewed
CVE-2023-39983
was published
Sep 2, 2023
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
High
CVE-2023-37271
was published
for
RestrictedPython
(pip)
Jul 10, 2023
SpiceDB's LookupResources may return partial results
Low
CVE-2023-35930
was published
for
github.com/authzed/spicedb
(Go)
Jun 28, 2023
toui allows user-specific variables to be shared between users
Critical
CVE-2023-33175
was published
for
toui
(pip)
May 24, 2023
sqlite vulnerable to code execution due to Object coercion
High
CVE-2022-43441
was published
for
sqlite3
(npm)
Mar 13, 2023
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
Moderate
CVE-2022-4318
was published
for
github.com/cri-o/cri-o
(Go)
Dec 29, 2022
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Critical
CVE-2022-36067
was published
for
vm2
(npm)
Sep 28, 2022
Budibase Improper Access Control vulnerability
Moderate
CVE-2022-3225
was published
for
@budibase/bbui
(npm)
Sep 17, 2022
CrafterCMS OS Command Injection vulnerability
High
CVE-2022-40635
was published
for
org.craftercms:craftercms
(Maven)
Sep 14, 2022
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
High
CVE-2022-40634
was published
for
org.craftercms:crafter-studio
(Maven)
Sep 14, 2022
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the...
High
Unreviewed
CVE-2022-39051
was published
Sep 6, 2022
A vulnerability found in postgresql. On this security issue an attack requires permission to...
High
Unreviewed
CVE-2022-2625
was published
Aug 19, 2022
The Multipass service was found to have code paths that could be abused to cause a denial of...
Critical
Unreviewed
CVE-2022-27889
was published
Jun 15, 2022
There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei...
Critical
Unreviewed
CVE-2021-22387
was published
May 24, 2022
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a...
Critical
Unreviewed
CVE-2021-32563
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API