GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a...
High
Unreviewed
CVE-2024-7297
was published
Jul 30, 2024
Langflow remote code execution vulnerability
High
CVE-2024-37014
was published
for
langflow
(pip)
Jun 10, 2024
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable...
High
Unreviewed
CVE-2023-31032
was published
Jan 12, 2024
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
High
CVE-2023-37271
was published
for
RestrictedPython
(pip)
Jul 10, 2023
Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources
High
CVE-2021-23267
was published
for
org.craftercms:crafter-studio
(Maven)
May 17, 2022
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
High
CVE-2022-40634
was published
for
org.craftercms:crafter-studio
(Maven)
Sep 14, 2022
sqlite vulnerable to code execution due to Object coercion
High
CVE-2022-43441
was published
for
sqlite3
(npm)
Mar 13, 2023
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they...
High
Unreviewed
CVE-2022-25265
was published
Feb 17, 2022
A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol...
High
Unreviewed
CVE-2019-1617
was published
May 13, 2022
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection...
High
Unreviewed
CVE-2021-42809
was published
Dec 21, 2021
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy...
High
Unreviewed
CVE-2021-23259
was published
Dec 3, 2021
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL...
High
Unreviewed
CVE-2021-23258
was published
Dec 3, 2021
Authenticated administrators may modify the main YAML configuration file and load a Java class...
High
Unreviewed
CVE-2021-23262
was published
Dec 3, 2021
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
High
CVE-2020-25802
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
Use of Potentially Dangerous Function in mixme
High
CVE-2021-29491
was published
for
mixme
(npm)
May 6, 2021
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
High
CVE-2020-25803
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate
High
CVE-2021-21413
was published
for
isolated-vm
(npm)
Apr 6, 2021
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the...
High
Unreviewed
CVE-2022-39051
was published
Sep 6, 2022
CrafterCMS OS Command Injection vulnerability
High
CVE-2022-40635
was published
for
org.craftercms:craftercms
(Maven)
Sep 14, 2022
A vulnerability found in postgresql. On this security issue an attack requires permission to...
High
Unreviewed
CVE-2022-2625
was published
Aug 19, 2022
ProTip!
Advisories are also available from the
GraphQL API