Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

124 advisories

Loading
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Critical Unreviewed
CVE-2023-44373 was published Nov 14, 2023
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed
CVE-2024-42914 was published Aug 23, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed
CVE-2024-40324 was published Jul 25, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39227 was published Aug 6, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed
CVE-2024-37759 was published Jun 24, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed
CVE-2024-39704 was published Jul 3, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed
CVE-2024-34919 was published May 17, 2024
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions... Critical Unreviewed
CVE-2023-33566 was published Jun 27, 2023
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to... Critical Unreviewed
CVE-2022-47583 was published Oct 19, 2023
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the... Critical Unreviewed
CVE-2023-1523 was published Sep 1, 2023
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via... Critical Unreviewed
CVE-2022-24989 was published Aug 20, 2023
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a... Critical Unreviewed
CVE-2023-33241 was published Aug 10, 2023
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI... Critical Unreviewed
CVE-2023-39213 was published Aug 9, 2023
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template... Critical Unreviewed
CVE-2023-36210 was published Aug 1, 2023
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed
CVE-2023-24540 was published May 11, 2023
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager... Critical Unreviewed
CVE-2020-15348 was published May 24, 2022
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64... Critical Unreviewed
CVE-2020-5505 was published May 24, 2022
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by... Critical Unreviewed
CVE-2019-19330 was published May 24, 2022
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may... Critical Unreviewed
CVE-2019-9535 was published May 24, 2022
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. Critical Unreviewed
CVE-2017-18583 was published May 24, 2022
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as... Critical Unreviewed
CVE-2019-12966 was published May 24, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules... Critical Unreviewed
CVE-2016-8900 was published May 24, 2022
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. Critical Unreviewed
CVE-2016-8901 was published May 24, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules... Critical Unreviewed
CVE-2016-8899 was published May 24, 2022
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data Critical Unreviewed
CVE-2014-3700 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API