Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
36
Go
2,522
Maven
5,000+
npm
4,176
NuGet
741
pip
3,965
Pub
12
RubyGems
947
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+

367 advisories

Loading
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
SimStudioAI: A function in route.ts is vulnerable to Code Injection Moderate
CVE-2025-10097 was published for simstudio (npm) Sep 8, 2025
AiondaDotCom mcp-ssh command injection vulnerability in SSH operations Moderate
CVE-2025-9654 was published for @aiondadotcom/mcp-ssh (npm) Aug 29, 2025
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-5245 was published for io.dropwizard:dropwizard-validation (Maven) Feb 24, 2020
pwntester SunBK201
poc-effectiveness
CodeIgniter arbitrary code execution Critical
CVE-2016-10131 was published for bcit-ci/codeigniter (Composer) May 17, 2022
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
decsecre583
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
decsecre583
Remote code execution via the `pretty` option. Moderate
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
Xuxueli xxl-job template injection vulnerability Low
CVE-2024-3366 was published for com.xuxueli:xxl-job-core (Maven) Apr 6, 2024
AnonySE26
Character injection in Hubble CLI Moderate
CVE-2025-48056 was published for github.com/cilium/hubble (Go) May 21, 2025
devodev bipierce-cisco
Cocotais Bot has builtin .echo command injection Moderate
CVE-2025-47948 was published for cocotais-bot (npm) May 19, 2025
Destroyed-Dream
Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution High
CVE-2020-13445 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Improper Input Validation and Injection in Apache Log4j2 Moderate
CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022
ppkarwasz
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
Apereo CAS code injection vulnerability Low
CVE-2025-3984 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
InternLM LMDeploy code injection vulnerability Moderate
CVE-2025-3163 was published for lmdeploy (pip) Apr 3, 2025
croogo Host header injection Moderate
CVE-2024-29643 was published for croogo/croogo (Composer) Apr 21, 2025
Apache Struts forced double OGNL evaluation High
CVE-2016-4461 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
bewinsnw
phpMyAdmin vulnerable to Cross-site Scripting Moderate
CVE-2016-5701 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite Moderate
CVE-2025-27794 was published for flarum/core (Composer) Mar 12, 2025
novacuum imorland
field_test gem contains injection vulnerability Moderate
CVE-2019-13146 was published for field_test (RubyGems) Jul 16, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database