GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
High severity vulnerability that affects generator-jhipster
High
GHSA-mc84-xr9p-938r
was published
for
generator-jhipster
(npm)
Sep 23, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
High
CVE-2020-8128
was published
for
jsreport
(npm)
Apr 13, 2021
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
High
CVE-2019-10248
was published
for
org.eclipse.vorto:org.eclipse.vorto.core
(Maven)
May 24, 2022
Unintended Require in larvitbase-api
High
CVE-2019-5479
was published
for
larvitbase-api
(npm)
Sep 11, 2019
PHPMailer untrusted code may be run from an overridden address validator
High
CVE-2021-3603
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
High
CVE-2024-24821
was published
for
composer/composer
(Composer)
Feb 8, 2024
Magento remote code execution vulnerability
High
CVE-2019-8154
was published
for
magento/community-edition
(Composer)
May 24, 2022
Drupal Remote code execution
High
CVE-2017-6381
was published
for
drupal/core
(Composer)
May 13, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
High
CVE-2021-20187
was published
for
moodle/moodle
(Composer)
May 24, 2022
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
High
CVE-2024-28184
was published
for
weasyprint
(pip)
Mar 8, 2024
Apache HDFS Provider error message suggested
High
CVE-2023-41267
was published
for
apache-airflow-providers-apache-hdfs
(pip)
Sep 14, 2023
Markdownify subject to Remote Code Execution via malicious markdown file
High
CVE-2022-41709
was published
for
electron-markdownify
(npm)
Oct 19, 2022
Kedro allows Remote Code Execution by Pulling Micro Packages
High
CVE-2024-12215
was published
for
kedro
(pip)
Mar 20, 2025
n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
High
CVE-2025-62726
was published
for
n8n
(npm)
Oct 30, 2025
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
High
CVE-2025-64496
was published
for
open-webui
(npm)
Nov 7, 2025
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
High
CVE-2025-59828
was published
for
@anthropic-ai/claude-code
(npm)
Sep 24, 2025
Duplicate Advisory: Embedded malware in ua-parser-js
High
GHSA-236c-vhj4-gfxg
was published
for
ua-parser-js
(npm)
May 25, 2022
•
withdrawn
Embedded malware in ua-parser-js
High
CVE-2021-4229
was published
for
ua-parser-js
(npm)
Oct 22, 2021
Langflow affected by Remote Code Execution via validate_code() exec()
High
CVE-2026-0770
was published
for
langflow
(pip)
Jan 23, 2026
Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde
High
CVE-2026-26974
was published
for
@tygo-van-den-hurk/slyde
(npm)
Feb 18, 2026
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)
High
CVE-2026-32009
was published
for
openclaw
(npm)
Mar 3, 2026
Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
High
GHSA-j5qh-5234-4rqp
was published
for
openclaw
(npm)
Mar 31, 2026
•
withdrawn
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
High
CVE-2026-32920
was published
for
openclaw
(npm)
Mar 13, 2026
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
High
CVE-2026-40156
was published
for
praisonai
(pip)
Apr 10, 2026
ProTip!
Advisories are also available from the
GraphQL API