Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice Low
CVE-2025-61924 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit... High Unreviewed
CVE-2025-48732 was published Jul 24, 2025
A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow... Low Unreviewed
CVE-2025-24388 was published Jun 16, 2025
A vulnerability exists in the media upload component of the Asset Suite versions listed below.... Moderate Unreviewed
CVE-2025-1484 was published May 30, 2025
Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate Moderate
GHSA-4p4h-9gvq-7xfg was published for picklescan (pip) Apr 24, 2025 withdrawn
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker... High Unreviewed
CVE-2025-29822 was published Apr 8, 2025
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd
Credited to SeaW1nd
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
CVE-2025-46417 was published for picklescan (pip) Apr 7, 2025
david3107
Credited to david3107
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
CVE-2025-1716 was published for picklescan (pip) Mar 3, 2025
madgetr
Credited to madgetr
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-vr75-hjh9-7fr6 was published for picklescan (pip) Mar 3, 2025 withdrawn
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo
Credited to bennothommo
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
Credited to JorianWoltjer and frenzymadness
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel
Credited to nathaniel-daniel
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001
Credited to Jayy001
ServiceNow has addressed a sensitive file read vulnerability that was identified in the... Moderate Unreviewed
CVE-2024-5178 was published Jul 10, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington... Critical Unreviewed
CVE-2024-5217 was published Jul 10, 2024
Microsoft Outlook Remote Code Execution Vulnerability High Unreviewed
CVE-2024-30103 was published Jun 11, 2024
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated,... Moderate Unreviewed
CVE-2024-20278 was published Mar 27, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols Moderate
CVE-2024-28246 was published for katex (npm) Mar 25, 2024
7085 edemaine
jupenur
Credited to 7085, edemaine, and jupenur
A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser ... Moderate Unreviewed
CVE-2023-45593 was published Mar 5, 2024
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code Critical
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
SteakEnthusiast ashdude1401
nicolo-ribaudo Apetree100122 ebickle
Credited to SteakEnthusiast, ashdude1401, nicolo-ribaudo, Apetree100122, and ebickle
Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This... Critical Unreviewed
CVE-2023-3374 was published Sep 5, 2023
Apache NiFi Insufficient Property Validation vulnerability Moderate
CVE-2023-40037 was published for org.apache.nifi:nifi-dbcp-base (Maven) Aug 19, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This... High Unreviewed
CVE-2023-23844 was published Jul 26, 2023
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry teemingc dominikg
Credited to v1ktor0t, benmccann, Conduitry, teemingc, and dominikg
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database