GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Reviewed advisories by ecosystem (counts as displayed on the page; the page caps counts at 5,000+): all reviewed 5,000+; Composer 3,996; Erlang 29; GitHub Actions 16; Go 1,782; Maven 5,000+; npm 3,545; NuGet 620; pip 3,136; Pub 10; RubyGems 838; Rust 795; Swift 34. Unreviewed advisories: 5,000+.

459 advisories match the current filter; the first page of results (25 entries, all rated High) is listed below. Reviewed entries name the affected package and ecosystem; unreviewed entries carry only the CVE and the NVD description, which is truncated on the page.
CVE-2023-39424, High, unreviewed, published Sep 7, 2023: A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows...

CVE-2023-41039, High, reviewed, for RestrictedPython (pip), published Aug 30, 2023: Sandbox escape via various forms of "format".

CVE-2023-4571, High, unreviewed, published Aug 30, 2023: In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can...

CVE-2023-4478, High, unreviewed, published Aug 25, 2023: Mattermost fails to restrict which parameters' values it takes from the request during signup...

CVE-2023-40035, High, reviewed, for craftcms/cms (Composer), published Aug 21, 2023: Craft CMS vulnerable to Remote Code Execution via validatePath bypass

CVE-2020-28848, High, unreviewed, published Aug 11, 2023: CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute...

CVE-2023-31209, High, unreviewed, published Aug 10, 2023: Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2...

CVE-2023-33242, High, unreviewed, published Aug 10, 2023: Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the...

CVE-2023-3997, High, unreviewed, published Jul 31, 2023: Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability...

CVE-2023-38609, High, unreviewed, published Jul 28, 2023: An injection issue was addressed with improved input validation. This issue is fixed in macOS...

CVE-2023-38060, High, unreviewed, published Jul 24, 2023: Improper Input Validation vulnerability in the ContentType parameter for attachments on...

CVE-2023-37897, High, reviewed, for getgrav/grav (Composer), published Jul 19, 2023: grav Server-side Template Injection (SSTI) mitigation bypass

CVE-2023-2760, High, unreviewed, published Jul 17, 2023: An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest...

CVE-2023-37473, High, reviewed, for zenstruck/collection (Composer), published Jul 14, 2023: zenstruck/collection passing callable string to EntityRepository::find() and query()

CVE-2023-33234, High, reviewed, for apache-airflow-providers-cncf-kubernetes (pip), published Jul 6, 2023: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

CVE-2022-45048, High, reviewed, for org.apache.ranger:ranger (Maven), published Jul 6, 2023: Apache Ranger code execution vulnerability in policy expressions

CVE-2023-34203, High, unreviewed, published Jun 23, 2023: In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote...

CVE-2023-35810, High, unreviewed, published Jun 18, 2023: An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second...

CVE-2023-0040, High, reviewed, for github.com/swift-server/async-http-client (Swift), published Jun 7, 2023: Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

CVE-2023-30575, High, unreviewed, published Jun 7, 2023: Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements...

CVE-2019-25150, High, unreviewed, published Jun 7, 2023: The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and...

CVE-2023-26130, High, unreviewed, published May 30, 2023: Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...

CVE-2023-26127, High, reviewed, for n158 (npm), published May 27, 2023: n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function

CVE-2023-32679, High, reviewed, for craftcms/cms (Composer), published May 22, 2023: Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

CVE-2023-29400, High, unreviewed, published May 11, 2023: Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty...
Advisories are also available from the GraphQL API.
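The following is an added example, not GitHub's own code, showing how the listing above can be reproduced from the GraphQL API: it builds a securityAdvisories query, unwraps the response, leads each entry with the CVE (falling back to the GHSA id), renders the package and ecosystem for reviewed entries, and applies a severity floor like the page's severity filter. It assumes the field names of the public GraphQL schema (ghsaId, summary, severity, publishedAt, identifiers, vulnerabilities/package/ecosystem) and a token in GITHUB_TOKEN for live use; the embedded response is constructed from two entries on this page plus one made-up moderate entry, with placeholder GHSA ids and timestamps, so the script runs offline.

```python
"""Pull advisories from the GitHub Advisory Database over the GraphQL API
and print them in the shape of the web listing (identifier, severity,
package, date, summary). Added example; not GitHub's own code."""
import json
import os
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"

# Field names follow the public GraphQL schema for securityAdvisories.
QUERY = """
query($first: Int!, $after: String) {
  securityAdvisories(first: $first, after: $after,
                     orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes {
      ghsaId
      summary
      severity
      publishedAt
      identifiers { type value }
      vulnerabilities(first: 5) {
        nodes { package { ecosystem name } }
      }
    }
  }
}
"""

SEVERITY_RANK = {"LOW": 0, "MODERATE": 1, "HIGH": 2, "CRITICAL": 3}


def fetch_page(token, first=25, after=None):
    """Live request (needs network and a token); returns the decoded JSON body."""
    payload = json.dumps({"query": QUERY,
                          "variables": {"first": first, "after": after}}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=payload, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def nodes_from(response):
    """Unwrap data.securityAdvisories.nodes; fail loudly on GraphQL errors."""
    if response.get("errors"):
        raise RuntimeError(response["errors"])
    return response["data"]["securityAdvisories"]["nodes"]


def primary_id(node):
    """The listing leads with the CVE when one exists, else the GHSA id."""
    for ident in node.get("identifiers", []):
        if ident.get("type") == "CVE":
            return ident["value"]
    return node["ghsaId"]


def package_label(node):
    """'name (ecosystem)' for each mapped package; reviewed entries have these."""
    pkgs = [v["package"] for v in node.get("vulnerabilities", {}).get("nodes", [])]
    if not pkgs:
        return "no package listed"
    return ", ".join(f"{p['name']} ({p['ecosystem'].lower()})" for p in pkgs)


def render(node):
    """One line per advisory, in the order the web listing uses."""
    return (f"{primary_id(node)} ({node['severity'].title()}) for {package_label(node)}, "
            f"published {node['publishedAt'][:10]}: {node['summary']}")


def at_least(nodes, severity="HIGH"):
    """Keep advisories at or above the given severity (the page's severity filter)."""
    floor = SEVERITY_RANK[severity]
    return [n for n in nodes if SEVERITY_RANK.get(n["severity"], -1) >= floor]


# Constructed sample response: two entries copied from the listing above plus a
# made-up MODERATE entry without a CVE. GHSA ids and timestamps are placeholders.
SAMPLE_RESPONSE = {"data": {"securityAdvisories": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"ghsaId": "GHSA-0000-0000-0001",
         "summary": 'Sandbox escape via various forms of "format".',
         "severity": "HIGH", "publishedAt": "2023-08-30T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0001"},
                         {"type": "CVE", "value": "CVE-2023-41039"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "PIP", "name": "RestrictedPython"}}]}},
        {"ghsaId": "GHSA-0000-0000-0002",
         "summary": "Craft CMS vulnerable to Remote Code Execution via validatePath bypass",
         "severity": "HIGH", "publishedAt": "2023-08-21T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0002"},
                         {"type": "CVE", "value": "CVE-2023-40035"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "COMPOSER", "name": "craftcms/cms"}}]}},
        {"ghsaId": "GHSA-0000-0000-0003",
         "summary": "Constructed moderate advisory without a CVE",
         "severity": "MODERATE", "publishedAt": "2023-08-01T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0003"}],
         "vulnerabilities": {"nodes": []}},
    ]}}}

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    response = fetch_page(token) if token else SAMPLE_RESPONSE
    for node in at_least(nodes_from(response), "HIGH"):
        print(render(node))
```

With GITHUB_TOKEN set the script fetches the most recent page live; without it, it renders the constructed sample, which drops the moderate entry and prints the two High ones in the same shape as the listing. To walk the full result set, loop on pageInfo.hasNextPage and pass endCursor back as the after variable.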