Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

41 advisories

Loading
High severity vulnerability that affects generator-jhipster High
GHSA-mc84-xr9p-938r was published for generator-jhipster (npm) Sep 23, 2019
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS High
CVE-2019-10248 was published for org.eclipse.vorto:org.eclipse.vorto.core (Maven) May 24, 2022
Unintended Require in larvitbase-api High
CVE-2019-5479 was published for larvitbase-api (npm) Sep 11, 2019
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto Credited to 0xcrypto
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php High
CVE-2024-24821 was published for composer/composer (Composer) Feb 8, 2024
edonsec Credited to edonsec
Magento remote code execution vulnerability High
CVE-2019-8154 was published for magento/community-edition (Composer) May 24, 2022
Drupal Remote code execution High
CVE-2017-6381 was published for drupal/core (Composer) May 13, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration High
CVE-2021-20187 was published for moodle/moodle (Composer) May 24, 2022
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF High
CVE-2024-28184 was published for weasyprint (pip) Mar 8, 2024
nullie Credited to nullie
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
oscerd Credited to oscerd
Markdownify subject to Remote Code Execution via malicious markdown file High
CVE-2022-41709 was published for electron-markdownify (npm) Oct 19, 2022
Kedro allows Remote Code Execution by Pulling Micro Packages High
CVE-2024-12215 was published for kedro (pip) Mar 20, 2025
n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook High
CVE-2025-62726 was published for n8n (npm) Oct 30, 2025
assaf-levkovich-jf Credited to assaf-levkovich-jf
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events High
CVE-2025-64496 was published for open-webui (npm) Nov 7, 2025
vitalysim Credited to vitalysim
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions High
CVE-2025-59828 was published for @anthropic-ai/claude-code (npm) Sep 24, 2025
cai0duque Credited to cai0duque
Duplicate Advisory: Embedded malware in ua-parser-js High
GHSA-236c-vhj4-gfxg was published for ua-parser-js (npm) May 25, 2022 withdrawn
Embedded malware in ua-parser-js High
CVE-2021-4229 was published for ua-parser-js (npm) Oct 22, 2021
xtqqczze Credited to xtqqczze and faisalman faisalman faisalman
Langflow affected by Remote Code Execution via validate_code() exec() High
CVE-2026-0770 was published for langflow (pip) Jan 23, 2026
affix Credited to affix
Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde High
CVE-2026-26974 was published for @tygo-van-den-hurk/slyde (npm) Feb 18, 2026
Tygo-van-den-Hurk Credited to Tygo-van-den-Hurk
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`) High
CVE-2026-32009 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Duplicate Advisory: OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories High
GHSA-j5qh-5234-4rqp was published for openclaw (npm) Mar 31, 2026 withdrawn
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories High
CVE-2026-32920 was published for openclaw (npm) Mar 13, 2026
lintsinghua Credited to lintsinghua
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading High
CVE-2026-40156 was published for praisonai (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
ProTip! Advisories are also available from the GraphQL API