GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
Remote Code Execution via Script (Python) objects under Python 3
High
CVE-2021-32811
was published
for
Zope
(pip)
Aug 5, 2021
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their...
High
Unreviewed
CVE-2024-3283
was published
Apr 10, 2024
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
Phar object injection in PHPMailer
High
CVE-2018-19296
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Prototype Pollution in object-path
High
CVE-2021-3805
was published
for
object-path
(npm)
Sep 20, 2021
Prototype Pollution in node-forge
High
CVE-2020-7720
was published
for
node-forge
(npm)
Sep 14, 2020
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User
High
CVE-2023-32079
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
High
CVE-2020-7679
was published
for
casperjs
(npm)
May 17, 2021
Prototype Pollution in record-like-deep-assign
High
CVE-2021-23402
was published
for
record-like-deep-assign
(npm)
Dec 10, 2021
sqlite vulnerable to code execution due to Object coercion
High
CVE-2022-43441
was published
for
sqlite3
(npm)
Mar 13, 2023
Prototype Pollution in think-helper
High
CVE-2021-32736
was published
for
think-helper
(npm)
Jul 1, 2021
Prototype Pollution in Node-Red
High
CVE-2021-21297
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an...
High
Unreviewed
CVE-2020-24036
was published
May 24, 2022
body-parser-xml vulnerable to Prototype Pollution
High
CVE-2021-3666
was published
for
body-parser-xml
(npm)
Sep 14, 2021
A vulnerability found in postgresql. On this security issue an attack requires permission to...
High
Unreviewed
CVE-2022-2625
was published
Aug 19, 2022
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318...
High
Unreviewed
CVE-2018-11135
was published
May 13, 2022
Prototype pollution in grpc and @grpc/grpc-js
High
CVE-2020-7768
was published
for
@grpc/grpc-js
(npm)
May 10, 2021
assign-deep Vulnerable to Prototype Pollution
High
CVE-2019-10745
was published
for
assign-deep
(npm)
Aug 21, 2019
ProTip!
Advisories are also available from the
GraphQL API