GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Privilege Escalation in Hibernate Validator
High
CVE-2017-7536
was published
for
org.hibernate:hibernate-validator
(Maven)
Jun 15, 2020
Use of Externally-Controlled Input to Select Classes or Code in Infinispan
High
CVE-2019-10174
was published
for
org.infinispan:infinispan-core
(Maven)
May 24, 2022
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could...
High
Unreviewed
CVE-2022-26469
was published
Sep 7, 2022
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands...
High
Unreviewed
CVE-2018-5511
was published
May 13, 2022
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to...
High
Unreviewed
CVE-2024-0200
was published
Jan 16, 2024
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON)...
High
Unreviewed
CVE-2019-3834
was published
May 24, 2022
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code...
High
Unreviewed
CVE-2023-33652
was published
Jun 6, 2023
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a...
High
Unreviewed
CVE-2023-0460
was published
Jul 6, 2023
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
StimulusReflex arbitrary method call
High
CVE-2024-28121
was published
for
stimulus_reflex
(RubyGems)
Mar 12, 2024
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the...
High
Unreviewed
CVE-2024-7059
was published
Nov 5, 2024
Unsafe Reflection in base Component class in yiisoft/yii2
High
CVE-2024-4990
was published
for
yiisoft/yii2
(Composer)
Jun 2, 2024
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
High
CVE-2025-31119
was published
for
generator-jhipster-entity-audit
(npm)
Apr 4, 2025
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is...
High
Unreviewed
CVE-2024-6096
was published
Jul 24, 2024
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection...
High
Unreviewed
CVE-2025-3600
was published
May 14, 2025
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is...
High
Unreviewed
CVE-2024-8014
was published
Oct 9, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is...
High
Unreviewed
CVE-2024-8048
was published
Oct 9, 2024
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to...
High
Unreviewed
CVE-2025-2794
was published
Mar 31, 2025
AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High
CVE-2025-12967
was published
for
aws_advanced_python_wrapper
(pip)
Nov 13, 2025
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High
GHSA-7xw4-g7mm-r4hh
was published
for
software.amazon.jdbc:aws-advanced-jdbc-wrapper
(Maven)
Nov 13, 2025
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High
GHSA-8wj8-cfxr-9374
was published
for
aws-advanced-nodejs-wrapper
(npm)
Nov 13, 2025
Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
High
CVE-2025-68455
was published
for
craftcms/cms
(Composer)
Jan 5, 2026
Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
High
CVE-2026-25498
was published
for
craftcms/cms
(Composer)
Feb 9, 2026
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels...
High
Unreviewed
CVE-2023-32217
was published
Jul 6, 2023
Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware
High
GHSA-cwxj-rr6w-m6w7
was published
for
Scrapy
(pip)
Mar 13, 2026
ProTip!
Advisories are also available from the
GraphQL API