Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

218 advisories

Loading
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed
CVE-2024-42914 was published Aug 23, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39227 was published Aug 6, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed
CVE-2024-40324 was published Jul 25, 2024
Ankitects Anki arbitrary script execution vulnerability Critical
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed
CVE-2024-39704 was published Jul 3, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed
CVE-2024-37759 was published Jun 24, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed
CVE-2024-34919 was published May 17, 2024
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed
CVE-2023-22527 was published Jan 16, 2024
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized... Critical Unreviewed
CVE-2024-0552 was published Jan 15, 2024
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell... Critical Unreviewed
CVE-2023-46456 was published Dec 12, 2023
This Template Injection vulnerability allows an authenticated attacker, including one with... Critical Unreviewed
CVE-2023-22522 was published Dec 6, 2023
Usedesk before 1.7.57 allows chat template injection. Critical Unreviewed
CVE-2023-49214 was published Nov 24, 2023
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user... Critical Unreviewed
CVE-2023-5340 was published Nov 20, 2023
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Critical Unreviewed
CVE-2023-44373 was published Nov 14, 2023
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to... Critical Unreviewed
CVE-2022-47583 was published Oct 19, 2023
Cachet vulnerable to Authenticated Remote Code Execution Critical
CVE-2023-43661 was published for cachethq/cachet (Composer) Oct 16, 2023
rive-n
Searchor CLI's Search vulnerable to Arbitrary Code using Eval Critical
CVE-2023-43364 was published for searchor (pip) Sep 25, 2023
ProTip! Advisories are also available from the GraphQL API