Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

81 advisories

Loading
Improper Input Validation in Apache Struts High
CVE-2006-1547 was published for struts:struts (Maven) May 1, 2022
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform ... Moderate Unreviewed
CVE-2010-1428 was published May 2, 2022
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka... Moderate Unreviewed
CVE-2010-0738 was published May 2, 2022
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24361 was published for @nuxt/rspack-builder (npm) Jan 27, 2025
sapphi-red
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast
ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape High
GHSA-vp47-9734-prjw was published for asteval (pip) Jan 23, 2025
SteakEnthusiast
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55945 was published for typo3/cms-lowlevel (Composer) Jan 14, 2025
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55924 was published for typo3/cms-scheduler (Composer) Jan 14, 2025
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55923 was published for typo3/cms-indexed-search (Composer) Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55922 was published for typo3/cms-form (Composer) Jan 14, 2025
TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55921 was published for typo3/cms-extensionmanager (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module Moderate
CVE-2024-55920 was published for typo3/cms-dashboard (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Backend User Module Moderate
CVE-2024-55894 was published for typo3/cms-beuser (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Log Module Moderate
CVE-2024-55893 was published for typo3/cms-belog (Composer) Jan 14, 2025
Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource... Critical Unreviewed
CVE-2024-13242 was published Jan 9, 2025
Orchid Platform has Method Exposure Vulnerability in Modals Moderate
CVE-2024-51992 was published for orchid/platform (Composer) Nov 12, 2024
catferq
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-37365 was published Mar 29, 2023
PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability... High Unreviewed
CVE-2023-39470 was published Nov 22, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information Moderate
CVE-2022-46156 was published for github.com/grafana/synthetic-monitoring-agent (Go) Sep 6, 2024
iamwillbar
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by... High Unreviewed
CVE-2024-47005 was published Oct 25, 2024
The lack of access restriction to a resource from unauthorized users makes MXsecurity software... Moderate Unreviewed
CVE-2024-4739 was published Oct 18, 2024
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library Critical
GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 withdrawn
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go Critical
GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023 withdrawn
Duplicate Advisory: Privilege escalation in sap-xssec Critical
GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 withdrawn
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database