GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
PrestaShop eval injection possible if shop vulnerable to SQL injection
Critical
CVE-2022-31181
was published
for
prestashop/prestashop
(Composer)
Jul 29, 2022
React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Critical
CVE-2022-36010
was published
for
react-editable-json-tree
(npm)
Aug 18, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
Critical
CVE-2022-41931
was published
for
org.xwiki.platform:xwiki-platform-icon-ui
(Maven)
Nov 21, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
Critical
CVE-2022-41928
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Nov 21, 2022
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical
CVE-2023-26477
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Mar 3, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Critical
CVE-2023-29509
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability
Critical
CVE-2023-29209
was published
for
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability
Critical
CVE-2023-29211
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
Apr 12, 2023
xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
Critical
CVE-2023-29212
was published
for
org.xwiki.platform:xwiki-platform-panels-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
Critical
CVE-2023-29214
was published
for
org.xwiki.platform:xwiki-platform-panels-ui
(Maven)
Apr 12, 2023
xwiki-platform-administration-ui vulnerable to privilege escalation
Critical
CVE-2023-29511
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability
Critical
CVE-2023-29210
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation
Critical
CVE-2023-30537
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
Apr 12, 2023
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Critical
CVE-2022-36100
was published
for
org.xwiki.platform.applications:xwiki-application-tag
(Maven)
Sep 16, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
Critical
CVE-2022-36099
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
Sep 16, 2022
Dolibarr vulnerable to Eval Injection
Critical
CVE-2022-40871
was published
for
dolibarr/dolibarr
(Composer)
Oct 12, 2022
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Critical
CVE-2023-29516
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Critical
CVE-2023-37462
was published
for
org.xwiki.platform:xwiki-platform-skin-ui
(Maven)
Jul 14, 2023
org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability
Critical
CVE-2023-29213
was published
for
org.xwiki.platform:xwiki-platform-logging-ui
(Maven)
Apr 12, 2023
XWiki Platform privilege escalation (PR) from account through AWM content fields
Critical
CVE-2023-40177
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Aug 21, 2023
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Critical
CVE-2023-46731
was published
for
org.xwiki.platform:xwiki-platform-administration
(Maven)
Nov 8, 2023
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Critical
CVE-2023-37914
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Aug 18, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Critical
CVE-2023-35152
was published
for
org.xwiki.platform:xwiki-platform-like-ui
(Maven)
Jun 20, 2023
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
Critical
CVE-2023-35150
was published
for
org.xwiki.platform:xwiki-platform-invitation-ui
(Maven)
Jun 20, 2023
Remote code execution/programming rights with configuration section from any user account
Critical
CVE-2023-50723
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Dec 16, 2023
ProTip!
Advisories are also available from the
GraphQL API