Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

437 advisories

Loading
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2023-23738 was published Jun 4, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Pusher Service Channel Authentication Bypass Moderate
GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer) May 20, 2024
Contao: Insufficient BBCode sanitizer Moderate
CVE-2024-28234 was published for contao/comments-bundle (Composer) Apr 9, 2024
m-vo
Un-sanitized metric name or labels can be used to take over exported metrics Moderate
CVE-2024-28867 was published for github.com/swift-server/swift-prometheus (Swift) Mar 29, 2024
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x... Moderate Unreviewed
CVE-2024-2445 was published Mar 15, 2024
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server.... Moderate Unreviewed
CVE-2024-1883 was published Mar 14, 2024
An injection vulnerability has been reported to affect several QNAP operating system versions. If... Moderate Unreviewed
CVE-2024-21900 was published Mar 8, 2024
Improper neutralization of special elements in output (CWE-74) used by the email generation... Moderate Unreviewed
CVE-2024-21838 was published Mar 5, 2024
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected... Moderate Unreviewed
CVE-2024-2064 was published Mar 1, 2024
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The... Moderate Unreviewed
CVE-2024-1619 was published Feb 29, 2024
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the... Moderate Unreviewed
CVE-2021-4227 was published Jan 16, 2024
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow... Moderate Unreviewed
CVE-2023-42135 was published Jan 15, 2024
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.... Moderate Unreviewed
CVE-2023-31025 was published Jan 12, 2024
pyload Log Injection vulnerability Moderate
CVE-2024-21645 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. Moderate Unreviewed
CVE-2023-50093 was published Jan 3, 2024
ewen-lbh/ffcss Late-Unicode normalization vulnerability Moderate
CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
Sim4n6
A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210.... Moderate Unreviewed
CVE-2023-7039 was published Dec 21, 2023
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI... Moderate Unreviewed
CVE-2023-35895 was published Dec 20, 2023
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated... Moderate Unreviewed
CVE-2023-48205 was published Dec 7, 2023
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or... Moderate Unreviewed
CVE-2023-6174 was published Nov 16, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Moderate Unreviewed
CVE-2023-4767 was published Nov 3, 2023
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow... Moderate Unreviewed
CVE-2023-4393 was published Oct 30, 2023
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary... Moderate Unreviewed
CVE-2023-45540 was published Oct 17, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database