GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (All reviewed: 5,000+)
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,087
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories (All unreviewed: 5,000+)
93,465 advisories

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS...
High | Unreviewed | CVE-2023-22789 was published Jul 6, 2023

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No...
High | Unreviewed | CVE-2023-31038 was published Jul 6, 2023

AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and...
High | Unreviewed | CVE-2023-31179 was published Jul 6, 2023

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer...
High | Unreviewed | CVE-2023-2575 was published Jul 6, 2023

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the...
High | Unreviewed | CVE-2023-22787 was published Jul 6, 2023

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS...
High | Unreviewed | CVE-2023-22790 was published Jul 6, 2023

Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as...
High | Unreviewed | CVE-2023-2534 was published Jul 6, 2023

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in...
High | Unreviewed | CVE-2023-27999 was published Jul 6, 2023

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0...
High | Unreviewed | CVE-2023-25967 was published Jul 6, 2023

NGINX Management Suite default file permissions are set such that an authenticated attacker may...
High | Unreviewed | CVE-2023-28724 was published Jul 6, 2023

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of...
High | Unreviewed | CVE-2023-1385 was published Jul 6, 2023

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual...
High | Unreviewed | CVE-2023-29163 was published Jul 6, 2023

NGINX Management Suite may allow an authenticated attacker to gain access to configuration...
High | Unreviewed | CVE-2023-28656 was published Jul 6, 2023

league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High | CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023

ethyca-fides Webserver API Path Traversal vulnerability
High | CVE-2023-36827 was published for ethyca-fides (pip) Jul 6, 2023

Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High | CVE-2023-36823 was published for sanitize (RubyGems) Jul 6, 2023

Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content...
High | Unreviewed | CVE-2023-23790 was published Jul 6, 2023

Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category...
High | Unreviewed | CVE-2023-22691 was published Jul 6, 2023

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program...
High | Unreviewed | CVE-2023-22913 was published Jul 6, 2023

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series...
High | Unreviewed | CVE-2023-22914 was published Jul 6, 2023

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series...
High | Unreviewed | CVE-2023-22915 was published Jul 6, 2023

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable...
High | Unreviewed | CVE-2023-2297 was published Jul 6, 2023

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve...
High | Unreviewed | CVE-2023-2236 was published Jul 6, 2023

A valid XCC user's local account permissions overrides their active directory permissions under...
High | Unreviewed | CVE-2023-29057 was published Jul 6, 2023

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to...
High | Unreviewed | CVE-2023-2235 was published Jul 6, 2023

ProTip! Advisories are also available from the GraphQL API