GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,334
Maven
5,000+
npm
3,967
NuGet
713
pip
3,765
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+
664 advisories
Filter by severity
XWiki allows remote code execution through default value of wiki macro wiki-type parameters
High
CVE-2025-49581
was published
for
org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
(Maven)
Jun 13, 2025
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language
Moderate
CVE-2025-35036
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Jun 3, 2025
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution
Low
CVE-2025-5321
was published
for
aim
(pip)
May 29, 2025
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Remote code execution via the `pretty` option.
Moderate
CVE-2021-21353
was published
for
pug
(npm)
Mar 3, 2021
Apache Pinot has Groovy Function support enabled by default
Critical
CVE-2022-26112
was published
for
org.apache.pinot:pinot
(Maven)
Sep 25, 2022
Langroid has a Code Injection vulnerability in TableChatAgent
Critical
CVE-2025-46724
was published
for
langroid
(pip)
May 20, 2025
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store
High
CVE-2025-46725
was published
for
langroid
(pip)
May 20, 2025
Dolibarr vulnerable to Eval Injection
Critical
CVE-2022-40871
was published
for
dolibarr/dolibarr
(Composer)
Oct 12, 2022
Apache IoTDB Vulnerable to Remote Code Execution
Critical
CVE-2024-24780
was published
for
org.apache.iotdb:iotdb-core
(Maven)
May 14, 2025
Cosmos EVM Allows Partial Precompile State Writes
High
GHSA-mjfq-3qr2-6g84
was published
for
github.com/cosmos/evm
(Go)
May 14, 2025
OZI-Project/ozi-publish Code Injection vulnerability
Moderate
CVE-2025-47271
was published
for
OZI-Project/publish
(GitHub Actions)
May 12, 2025
OPA server Data API HTTP path injection of Rego
High
CVE-2025-46569
was published
for
github.com/open-policy-agent/opa
(Go)
May 1, 2025
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
Flair allows arbitrary code execution
Moderate
CVE-2024-10073
was published
for
flair
(pip)
Oct 17, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
Critical
CVE-2024-55877
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Dec 12, 2024
XWiki allows remote code execution through the extension sheet
Critical
CVE-2024-55662
was published
for
org.xwiki.platform:xwiki-platform-repository-server-ui
(Maven)
Dec 12, 2024
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository
High
CVE-2025-3642
was published
for
moodle/moodle
(Composer)
Apr 25, 2025
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository
High
CVE-2025-3641
was published
for
moodle/moodle
(Composer)
Apr 25, 2025
Craft CMS Allows Remote Code Execution
Critical
CVE-2025-32432
was published
for
craftcms/cms
(Composer)
Apr 25, 2025
ProTip!
Advisories are also available from the
GraphQL API