GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,901
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,245
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
759 advisories
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary...
Moderate | Unreviewed | CVE-2023-45540 was published Oct 17, 2023

A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210....
Moderate | Unreviewed | CVE-2023-7039 was published Dec 21, 2023

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET...
High | Unreviewed | CVE-2023-27533 was published Mar 30, 2023

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to...
Critical | Unreviewed | CVE-2022-47583 was published Oct 19, 2023

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote,...
Moderate | Unreviewed | CVE-2022-4145 was published Oct 5, 2023

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that...
High | Unreviewed | CVE-2023-43835 was published Oct 2, 2023

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname...
High | Unreviewed | CVE-2023-41580 was published Oct 2, 2023

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,...
High | Unreviewed | CVE-2023-3922 was published Sep 29, 2023

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user...
Moderate | Unreviewed | CVE-2023-26148 was published Sep 29, 2023

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user...
Moderate | Unreviewed | CVE-2023-26142 was published Sep 19, 2023

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1...
Moderate | Unreviewed | CVE-2023-41834 was published Sep 19, 2023

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to...
High | Unreviewed | CVE-2023-36250 was published Sep 14, 2023

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field...
Moderate | Unreviewed | CVE-2023-4843 was published Sep 8, 2023

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows...
High | Unreviewed | CVE-2023-39424 was published Sep 7, 2023

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the...
Critical | Unreviewed | CVE-2023-1523 was published Sep 1, 2023

Mattermost fails to restrict which parameters' values it takes from the request during signup...
High | Unreviewed | CVE-2023-4478 was published Aug 25, 2023

A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats...
Moderate | Unreviewed | CVE-2023-4212 was published Aug 22, 2023

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via...
Critical | Unreviewed | CVE-2022-24989 was published Aug 20, 2023

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute...
High | Unreviewed | CVE-2020-28848 was published Aug 11, 2023

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the...
High | Unreviewed | CVE-2023-33242 was published Aug 10, 2023

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a...
Critical | Unreviewed | CVE-2023-33241 was published Aug 10, 2023

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI...
Critical | Unreviewed | CVE-2023-39213 was published Aug 9, 2023

MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template...
Critical | Unreviewed | CVE-2023-36210 was published Aug 1, 2023

An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2023-38609 was published Jul 28, 2023

Improper Input Validation vulnerability in the ContentType parameter for attachments on...
High | Unreviewed | CVE-2023-38060 was published Jul 24, 2023
ProTip! Advisories are also available from the GraphQL API