Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,049 advisories

Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
RDoc RCE vulnerability with .rdoc_options High
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
RCE in TranformGraph().to_dot_graph function High
CVE-2023-41334 was published for astropy (pip) Mar 18, 2024
u32i
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x... Moderate Unreviewed
CVE-2024-2445 was published Mar 15, 2024
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server.... Moderate Unreviewed
CVE-2024-1883 was published Mar 14, 2024
This vulnerability allows an already authenticated admin user to create a malicious payload that... High Unreviewed
CVE-2024-1882 was published Mar 14, 2024
An injection vulnerability has been reported to affect several QNAP operating system versions. If... Moderate Unreviewed
CVE-2024-21900 was published Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS... High Unreviewed
CVE-2024-23268 was published Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS... High Unreviewed
CVE-2024-23274 was published Mar 8, 2024
Improper neutralization of special elements in output (CWE-74) used by the email generation... Moderate Unreviewed
CVE-2024-21838 was published Mar 5, 2024
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected... Moderate Unreviewed
CVE-2024-2064 was published Mar 1, 2024
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The... Moderate Unreviewed
CVE-2024-1619 was published Feb 29, 2024
Pimcore Host Header Injection in user invitation link High
CVE-2024-25625 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 20, 2024
v0lck3r
MantisBT Host Header Injection vulnerability High
CVE-2024-23830 was published for mantisbt/mantisbt (Composer) Feb 20, 2024
dregad Kerkroups
shaozi plmaltais atrol
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... High Unreviewed
CVE-2024-22319 was published Feb 2, 2024
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0... High Unreviewed
CVE-2023-51939 was published Feb 1, 2024
Craft CMS Feed-Me High
CVE-2023-36260 was published for craftcms/cms (Composer) Jan 30, 2024
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF High
CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1
Host header injection in the password reset High
CVE-2024-23648 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024
Mathisca
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the... Moderate Unreviewed
CVE-2021-4227 was published Jan 16, 2024
Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed
CVE-2023-22527 was published Jan 16, 2024
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can... High Unreviewed
CVE-2023-42136 was published Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature... High Unreviewed
CVE-2023-4818 was published Jan 15, 2024
ProTip! Advisories are also available from the GraphQL API