Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,732
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
A flaw was found in Yelp. The Gnome user help application allows the help document to execute... Moderate Unreviewed
CVE-2025-3155 was published Apr 3, 2025
Markdownify subject to Remote Code Execution via malicious markdown file High
CVE-2022-41709 was published for electron-markdownify (npm) Oct 19, 2022
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd... Moderate Unreviewed
CVE-2024-52976 was published May 1, 2025
In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This... Moderate Unreviewed
CVE-2025-33027 was published Apr 15, 2025
In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability... Moderate Unreviewed
CVE-2025-33026 was published Apr 15, 2025
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated,... High Unreviewed
CVE-2025-20236 was published Apr 16, 2025
An iframe that was not permitted to run scripts could do so if the user clicked on a <code... High Unreviewed
CVE-2022-34468 was published Dec 22, 2022
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B... High Unreviewed
CVE-2024-45482 was published Mar 25, 2025
Kedro allows Remote Code Execution by Pulling Micro Packages High
CVE-2024-12215 was published for kedro (pip) Mar 20, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27668 was published Mar 5, 2025
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin... High Unreviewed
CVE-2024-13353 was published Feb 21, 2025
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
oscerd
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF High
CVE-2024-28184 was published for weasyprint (pip) Mar 8, 2024
nullie
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Moderate Unreviewed
CVE-2024-56216 was published Dec 31, 2024
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an... Critical Unreviewed
CVE-2025-0982 was published Feb 6, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2024-49649 was published Jan 7, 2025
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel,... Moderate Unreviewed
CVE-2024-4359 was published Aug 12, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2024-53800 was published Jan 7, 2025
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and... High Unreviewed
CVE-2024-54663 was published Dec 20, 2024
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information... Critical Unreviewed
CVE-2024-38476 was published Jul 1, 2024
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability Low
CVE-2022-4134 was published for glance (pip) Mar 7, 2023
The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does... High Unreviewed
CVE-2024-48336 was published Nov 4, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2024-50497 was published Oct 28, 2024
Improper Locking in JetBrains Kotlin Moderate
CVE-2022-24329 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) Feb 26, 2022
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2024-49243 was published Oct 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database