Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,054 advisories

Loading
Host header injection in the password reset High
CVE-2024-23648 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024
Mathisca
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the... Moderate Unreviewed
CVE-2021-4227 was published Jan 16, 2024
Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed
CVE-2023-22527 was published Jan 16, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature... High Unreviewed
CVE-2023-4818 was published Jan 15, 2024
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow... Moderate Unreviewed
CVE-2023-42135 was published Jan 15, 2024
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can... High Unreviewed
CVE-2023-42136 was published Jan 15, 2024
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized... Critical Unreviewed
CVE-2024-0552 was published Jan 15, 2024
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection.... Moderate Unreviewed
CVE-2023-31025 was published Jan 12, 2024
pyload Log Injection vulnerability Moderate
CVE-2024-21645 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter... High Unreviewed
CVE-2023-29050 was published Jan 8, 2024
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit... Low Unreviewed
CVE-2023-6004 was published Jan 3, 2024
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. Moderate Unreviewed
CVE-2023-50093 was published Jan 3, 2024
CouchAuth host header injection vulnerability leaks the password reset token High
CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271) High
CVE-2023-51664 was published for tj-actions/changed-files (GitHub Actions) Jan 2, 2024
jorgectf jsoref
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker... High Unreviewed
CVE-2023-7114 was published Dec 29, 2023
ewen-lbh/ffcss Late-Unicode normalization vulnerability Moderate
CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
Sim4n6
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication... High Unreviewed
CVE-2023-49328 was published Dec 25, 2023
A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210.... Moderate Unreviewed
CVE-2023-7039 was published Dec 21, 2023
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI... Moderate Unreviewed
CVE-2023-35895 was published Dec 20, 2023
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell... Critical Unreviewed
CVE-2023-46456 was published Dec 12, 2023
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting... High Unreviewed
CVE-2023-49964 was published Dec 11, 2023
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the... High Unreviewed
CVE-2023-48826 was published Dec 7, 2023
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. High Unreviewed
CVE-2023-48830 was published Dec 7, 2023
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. High Unreviewed
CVE-2023-48835 was published Dec 7, 2023
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. High Unreviewed
CVE-2023-48841 was published Dec 7, 2023
ProTip! Advisories are also available from the GraphQL API