GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,716
Erlang
35
GitHub Actions
29
Go
2,304
Maven
5,000+
npm
3,946
NuGet
711
pip
3,719
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
A flaw was found in Yelp. The Gnome user help application allows the help document to execute...
Moderate
Unreviewed
CVE-2025-3155
was published
Apr 3, 2025
Markdownify subject to Remote Code Execution via malicious markdown file
High
CVE-2022-41709
was published
for
electron-markdownify
(npm)
Oct 19, 2022
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd...
Moderate
Unreviewed
CVE-2024-52976
was published
May 1, 2025
In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This...
Moderate
Unreviewed
CVE-2025-33027
was published
Apr 15, 2025
In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability...
Moderate
Unreviewed
CVE-2025-33026
was published
Apr 15, 2025
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated,...
High
Unreviewed
CVE-2025-20236
was published
Apr 16, 2025
An iframe that was not permitted to run scripts could do so if the user clicked on a <code...
High
Unreviewed
CVE-2022-34468
was published
Dec 22, 2022
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B...
High
Unreviewed
CVE-2024-45482
was published
Mar 25, 2025
Kedro allows Remote Code Execution by Pulling Micro Packages
High
CVE-2024-12215
was published
for
kedro
(pip)
Mar 20, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical
Unreviewed
CVE-2025-27668
was published
Mar 5, 2025
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin...
High
Unreviewed
CVE-2024-13353
was published
Feb 21, 2025
Apache HDFS Provider error message suggested
High
CVE-2023-41267
was published
for
apache-airflow-providers-apache-hdfs
(pip)
Sep 14, 2023
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
High
CVE-2024-28184
was published
for
weasyprint
(pip)
Mar 8, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Moderate
Unreviewed
CVE-2024-56216
was published
Dec 31, 2024
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an...
Critical
Unreviewed
CVE-2025-0982
was published
Feb 6, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical
Unreviewed
CVE-2024-49649
was published
Jan 7, 2025
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel,...
Moderate
Unreviewed
CVE-2024-4359
was published
Aug 12, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High
Unreviewed
CVE-2024-53800
was published
Jan 7, 2025
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and...
High
Unreviewed
CVE-2024-54663
was published
Dec 20, 2024
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information...
Critical
Unreviewed
CVE-2024-38476
was published
Jul 1, 2024
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does...
High
Unreviewed
CVE-2024-48336
was published
Nov 4, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High
Unreviewed
CVE-2024-50497
was published
Oct 28, 2024
Improper Locking in JetBrains Kotlin
Moderate
CVE-2022-24329
was published
for
org.jetbrains.kotlin:kotlin-stdlib
(Maven)
Feb 26, 2022
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High
Unreviewed
CVE-2024-49243
was published
Oct 18, 2024
ProTip!
Advisories are also available from the
GraphQL API