GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
82 advisories
Filter by severity
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
Low
CVE-2024-55636
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs...
Critical
Unreviewed
CVE-2024-0404
was published
Apr 16, 2024
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their...
High
Unreviewed
CVE-2024-3283
was published
Apr 10, 2024
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the...
Moderate
Unreviewed
CVE-2023-39983
was published
Sep 2, 2023
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User
High
CVE-2023-32079
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
sqlite vulnerable to code execution due to Object coercion
High
CVE-2022-43441
was published
for
sqlite3
(npm)
Mar 13, 2023
A vulnerability found in postgresql. On this security issue an attack requires permission to...
High
Unreviewed
CVE-2022-2625
was published
Aug 19, 2022
qcubed PHP object injection
Critical
CVE-2020-24914
was published
for
qcubed/qcubed
(Composer)
May 24, 2022
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an...
High
Unreviewed
CVE-2020-24036
was published
May 24, 2022
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions...
Moderate
Unreviewed
CVE-2020-11872
was published
May 24, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm...
High
Unreviewed
CVE-2019-9058
was published
May 13, 2022
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images)...
High
Unreviewed
CVE-2018-6195
was published
May 13, 2022
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318...
High
Unreviewed
CVE-2018-11135
was published
May 13, 2022
Prototype Pollution in deepmerge-ts
High
CVE-2022-24802
was published
for
deepmerge-ts
(npm)
Apr 1, 2022
Uncontrolled Resource Consumption in fun-map
High
CVE-2020-7644
was published
for
fun-map
(npm)
Dec 10, 2021
Prototype Pollution in record-like-deep-assign
High
CVE-2021-23402
was published
for
record-like-deep-assign
(npm)
Dec 10, 2021
Prototype polluation in just-safe-set
Critical
CVE-2021-25952
was published
for
just-safe-set
(npm)
Dec 10, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware
Moderate
CVE-2020-7616
was published
for
express-mock-middleware
(npm)
Dec 9, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Critical
CVE-2019-0230
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 2, 2021
ProTip!
Advisories are also available from the
GraphQL API