Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,361
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,794
NuGet
685
pip
3,473
Pub
12
RubyGems
895
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,120 advisories

Loading
Improper Control of Generation of Code ('Code Injection') in jai-ext Critical
CVE-2022-24816 was published for it.geosolutions.jaiext.jiffle:jt-jiffle (Maven) Sep 19, 2023
sikeoka
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all... Moderate Unreviewed
CVE-2024-13689 was published Feb 18, 2025
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13797 was published Feb 18, 2025
Withdrawn Advisory: Command injection in Ray Critical
CVE-2024-57000 was published for ray (pip) Feb 12, 2025 withdrawn
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary... High Unreviewed
CVE-2021-3267 was published Apr 4, 2023
Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516... Moderate Unreviewed
CVE-2024-51122 was published Feb 13, 2025
Apache StreamPark: FreeMarker SSTI RCE Vulnerability High
CVE-2024-29178 was published for org.apache.streampark:streampark (Maven) Jul 18, 2024
Apache InLong Manager Remote Code Execution vulnerability Critical
CVE-2023-51784 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation High
CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
joshbressers
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
Apache NiFi Code Injection vulnerability High
CVE-2023-36542 was published for org.apache.nifi:nifi-cdc-mysql-bundle (Maven) Jul 29, 2023
RocketMQ NameServer component Code Injection vulnerability Critical
CVE-2023-37582 was published for org.apache.rocketmq:rocketmq-namesrv (Maven) Jul 12, 2023
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
Apache NiFi vulnerable to Code Injection High
CVE-2023-34468 was published for org.apache.nifi:nifi-dbcp-base (Maven) Jun 12, 2023
exceptionfactory
The CloudStack integration API service allows running its unauthenticated API server (usually on... Critical Unreviewed
CVE-2024-39864 was published Jul 5, 2024
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present.... Critical Unreviewed
CVE-2023-49070 was published Dec 5, 2023
AMI SPx contains a vulnerability in the BMC where a User may cause a improper control of... High Unreviewed
CVE-2023-34330 was published Jul 18, 2023
An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to... High Unreviewed
CVE-2023-27770 was published Apr 4, 2023
Unauthenticated remote code execution Critical Unreviewed
CVE-2023-3519 was published Jul 19, 2023
An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to... Moderate Unreviewed
CVE-2024-33469 was published Feb 12, 2025
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13346 was published Feb 13, 2025
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2024-13345 was published Feb 13, 2025
codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2023-26817 was published Apr 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database