Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,891
Erlang
24
GitHub Actions
39
Go
2,240
Maven
2,698
npm
2,899
NuGet
500
pip
2,728
Pub
5
RubyGems
364
Rust
889
Swift
19
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
React Editable Json Tree vulnerable to arbitrary code execution via function parsing Critical
CVE-2022-36010 was published for react-editable-json-tree (npm) Aug 18, 2022
Phanabani Credited to Phanabani and oxyno-zeta oxyno-zeta oxyno-zeta
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection Critical
CVE-2022-36100 was published for org.xwiki.platform.applications:xwiki-application-tag (Maven) Sep 16, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability Critical
CVE-2022-36099 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Sep 16, 2022
Dolibarr vulnerable to Eval Injection Critical
CVE-2022-40871 was published for dolibarr/dolibarr (Composer) Oct 12, 2022
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability Critical
CVE-2023-29209 was published for org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability Critical
CVE-2023-29210 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability Critical
CVE-2023-29211 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Apr 12, 2023
xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29212 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability Critical
CVE-2023-29213 was published for org.xwiki.platform:xwiki-platform-logging-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29214 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-29509 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation Critical
CVE-2023-30537 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
xwiki-platform-administration-ui vulnerable to privilege escalation Critical
CVE-2023-29511 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Apr 12, 2023
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector Critical
CVE-2023-29516 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Apr 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application Critical
CVE-2023-35150 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults Critical
CVE-2023-35152 was published for org.xwiki.platform:xwiki-platform-like-ui (Maven) Jun 20, 2023
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message Critical
CVE-2023-37914 was published for org.xwiki.platform:xwiki-platform-invitation-ui (Maven) Aug 18, 2023
Remote code execution/programming rights with configuration section from any user account Critical
CVE-2023-50723 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 16, 2023
Arbitrary Code Execution in Pillow Critical
CVE-2023-50447 was published for Pillow (pip) Jan 19, 2024
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet Critical
CVE-2024-31465 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution as guest via DatabaseSearch Critical
CVE-2024-31982 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024
XWiki Platform: Remote code execution through space title and Solr space facet Critical
CVE-2024-31984 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Apr 10, 2024
XWiki Platform CSRF remote code execution through scheduler job's document reference Critical
CVE-2024-31986 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Apr 10, 2024
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution Critical
CVE-2024-31996 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database