Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,762
NuGet
678
pip
3,447
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

3,147 advisories

Loading
LavaLite vulnerable to web cache poisoning Critical
CVE-2023-27238 was published for lavalite/cms (Composer) May 12, 2023
Apache Tomcat - Authentication Bypass Critical
CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
Apache Wicket: An attacker can intentionally trigger a memory leak Critical
CVE-2024-53299 was published for org.apache.wicket:wicket-core (Maven) Jan 23, 2025
Apache RocketMQ may have remote code execution vulnerability when using update configuration function Critical
CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 6, 2023
Code execution in Apache Struts 1 plugin Critical
CVE-2017-9791 was published for org.apache.struts:struts2-struts1-plugin (Maven) May 13, 2022
Inadequate Encryption Strength Critical
CVE-2017-1000486 was published for org.primefaces:primefaces (Maven) Jun 3, 2021
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui Critical
CVE-2022-41930 was published for org.xwiki.platform:xwiki-platform-user-profile-ui (Maven) Nov 21, 2022
anonymous-nlp-student
Cross-site Scripting in MLFlow Critical
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution Critical
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd gabby202308
XWiki Platform: Remote code execution through space title and Solr space facet Critical
CVE-2024-31984 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch Critical
CVE-2024-31982 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification Critical
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
PaddlePaddle vulnerable to remote code execution Critical
CVE-2024-0917 was published for paddlepaddle (pip) Mar 7, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service Critical
CVE-2024-10082 was published for codechecker (pip) Nov 6, 2024
Discookie
LlamaIndex includes an exec call for `import {cls_name}` Critical
CVE-2024-45201 was published for llama-index-core (pip) Aug 22, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43570 was published for com.starkbank.ellipticcurve:starkbank-ecdsa (Maven) Nov 10, 2021
tdunlap607 binary-1024
json-schema is vulnerable to Prototype Pollution Critical
CVE-2021-3918 was published for json-schema (npm) Nov 19, 2021
Mongoose search injection vulnerability Critical
CVE-2025-23061 was published for mongoose (npm) Jan 15, 2025
skrtheboss
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for org.mule.modules:mule-apikit-module (Maven) May 24, 2022
binary-1024
Crayfish allows Remote Code Execution via Homarus Authorization header Critical
GHSA-mm6v-68qp-f9fw was published for islandora/crayfish (Composer) Jan 15, 2025
seth-shaw-asu adam-vessey
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database