Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,089 advisories

Loading
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Low Unreviewed
CVE-2024-37253 was published Jul 9, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed
CVE-2024-39704 was published Jul 3, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed
CVE-2024-34919 was published May 17, 2024
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run... High Unreviewed
CVE-2023-46304 was published Apr 30, 2024
By sending specific queries to the resolver, an attacker can cause named to crash. High Unreviewed
CVE-2022-3080 was published Sep 22, 2022
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2024-35728 was published Jun 10, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2024-35680 was published Jun 10, 2024
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
CopperEagle
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter High
GHSA-cxf7-m5g2-v594 was published for zendframework/zend-mail (Composer) Jun 7, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter Moderate
GHSA-gff2-p6vm-3p8g was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities Moderate
GHSA-mg7h-9qfx-4r83 was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc` High
GHSA-jq87-2wxp-8349 was published for zendframework/zendframework (Composer) Jun 7, 2024
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service... Moderate Unreviewed
CVE-2024-5184 was published Jun 5, 2024
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-5245 was published for io.dropwizard:dropwizard-validation (Maven) Feb 24, 2020
pwntester SunBK201
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2023-23738 was published Jun 4, 2024
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
Twig remote code execution in templates High
CVE-2015-7809 was published for twig/twig (Composer) May 14, 2022
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/framework code execution vulnerability High
GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
ProTip! Advisories are also available from the GraphQL API