Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
29
GitHub Actions
16
Go
1,653
Maven
4,915
npm
3,442
NuGet
594
pip
2,832
Pub
10
RubyGems
823
Rust
763
Swift
34
Unreviewed advisories
All unreviewed
5,000+

44 advisories

vyper performs double eval of raw_args in create_from_blueprint Moderate
CVE-2024-32647 was published for vyper (pip) Apr 25, 2024
vyper performs double eval of the argument of sqrt Moderate
CVE-2024-32649 was published for vyper (pip) Apr 25, 2024
cyberthirst
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution Critical
CVE-2024-31996 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution through space title and Solr space facet Critical
CVE-2024-31984 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch Critical
CVE-2024-31982 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet Critical
CVE-2024-31465 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not... Unknown Unreviewed
CVE-2023-7245 was published Feb 20, 2024
XWiki Remote Code Execution Vulnerability via User Registration Critical
CVE-2024-21650 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Jan 8, 2024
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external... High Unreviewed
CVE-2023-7224 was published Jan 8, 2024
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet:... High Unreviewed
CVE-2023-7101 was published Dec 25, 2023
Remote code execution/programming rights with configuration section from any user account Critical
CVE-2023-50723 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Eval Injection in fastbots High
CVE-2023-48699 was published for fastbots (pip) Nov 21, 2023
ubertidavide
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest Critical
CVE-2023-46731 was published for org.xwiki.platform:xwiki-platform-administration (Maven) Nov 8, 2023
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet High
CVE-2023-37909 was published for org.xwiki.platform:xwiki-platform-menu (Maven) Oct 25, 2023
XWiki Platform privilege escalation (PR) from account through AWM content fields Critical
CVE-2023-40177 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Aug 21, 2023
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message Critical
CVE-2023-37914 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Aug 18, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability Critical
CVE-2023-37462 was published for org.xwiki.platform:xwiki-platform-skin-ui (Maven) Jul 14, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults Critical
CVE-2023-35152 was published for org.xwiki.platform:xwiki-platform-like-ui (Maven) Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application Critical
CVE-2023-35150 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Jun 20, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector Critical
CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Apr 20, 2023
xwiki-platform-administration-ui vulnerable to privilege escalation Critical
CVE-2023-29511 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation Critical
CVE-2023-30537 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-29509 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29214 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
ProTip! Advisories are also available from the GraphQL API