GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
353 advisories
Leantime has Host Header Injection Vulnerability
Moderate
GHSA-99r5-84gr-59f6
was published
for
leantime/leantime
(Composer)
Feb 21, 2025
Composer Remote Code Execution vulnerability via web-accessible composer.phar
High
CVE-2023-43655
was published
for
composer/composer
(Composer)
Sep 29, 2023
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
Critical
GHSA-c2p2-hgjg-9r3f
was published
for
islandora/crayfish
(Composer)
Feb 12, 2025
ZX Allows Environment Variable Injection for dotenv API
Moderate
CVE-2025-24959
was published
for
zx
(npm)
Feb 3, 2025
Twig security issue where escaping was missing when using null coalesce operator
Moderate
CVE-2025-24374
was published
for
twig/twig
(Composer)
Jan 29, 2025
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Git LFS permits exfiltration of credentials via crafted HTTP URLs
High
CVE-2024-53263
was published
for
github.com/git-lfs/git-lfs
(Go)
Jan 14, 2025
vault-cli contains possible RCE when reading user-defined data
Moderate
CVE-2021-43837
was published
for
vault-cli
(pip)
Dec 16, 2021
Ankitects Anki arbitrary script execution vulnerability
High
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API