GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
29
GitHub Actions
16
Go
1,653
Maven
4,915
npm
3,442
NuGet
594
pip
2,832
Pub
10
RubyGems
823
Rust
763
Swift
34
Unreviewed advisories
All unreviewed
5,000+
44 advisories
Filter by severity
vyper performs double eval of raw_args in create_from_blueprint
Moderate
CVE-2024-32647
was published
for
vyper
(pip)
Apr 25, 2024
vyper performs double eval of the argument of sqrt
Moderate
CVE-2024-32649
was published
for
vyper
(pip)
Apr 25, 2024
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Critical
CVE-2024-31996
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference
Critical
CVE-2024-31986
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution through space title and Solr space facet
Critical
CVE-2024-31984
was published
for
org.xwiki.platform:xwiki-platform-search-solr-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch
Critical
CVE-2024-31982
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Critical
CVE-2024-31465
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Apr 10, 2024
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not...
Unknown
Unreviewed
CVE-2023-7245
was published
Feb 20, 2024
XWiki Remote Code Execution Vulnerability via User Registration
Critical
CVE-2024-21650
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Jan 8, 2024
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external...
High
Unreviewed
CVE-2023-7224
was published
Jan 8, 2024
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet:...
High
Unreviewed
CVE-2023-7101
was published
Dec 25, 2023
Remote code execution/programming rights with configuration section from any user account
Critical
CVE-2023-50723
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 16, 2023
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Critical
CVE-2023-46731
was published
for
org.xwiki.platform:xwiki-platform-administration
(Maven)
Nov 8, 2023
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
High
CVE-2023-37909
was published
for
org.xwiki.platform:xwiki-platform-menu
(Maven)
Oct 25, 2023
XWiki Platform privilege escalation (PR) from account through AWM content fields
Critical
CVE-2023-40177
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Aug 21, 2023
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Critical
CVE-2023-37914
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Aug 18, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Critical
CVE-2023-37462
was published
for
org.xwiki.platform:xwiki-platform-skin-ui
(Maven)
Jul 14, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Critical
CVE-2023-35152
was published
for
org.xwiki.platform:xwiki-platform-like-ui
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
Critical
CVE-2023-35150
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Critical
CVE-2023-29516
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
xwiki-platform-administration-ui vulnerable to privilege escalation
Critical
CVE-2023-29511
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation
Critical
CVE-2023-30537
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical
CVE-2023-29509
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
Critical
CVE-2023-29214
was published
for
org.xwiki.platform:xwiki-platform-panels-ui
(Maven)
Apr 12, 2023
ProTip!
Advisories are also available from the
GraphQL API