GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,958
Erlang: 29
GitHub Actions: 16
Go: 1,745
Maven: 4,971
npm: 3,507
NuGet: 609
pip: 3,066
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+

108,708 advisories

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross...
Moderate | Unreviewed | CVE-2023-30792 was published Apr 29, 2023

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting....
Moderate | Unreviewed | CVE-2022-43871 was published Apr 29, 2023

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server,...
Moderate | Unreviewed | CVE-2023-31485 was published Apr 29, 2023

A valid, authenticated administrative user can query a web interface API to reveal the configured...
Moderate | Unreviewed | CVE-2023-25495 was published Apr 29, 2023

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other...
Moderate | Unreviewed | CVE-2023-29058 was published Apr 28, 2023

A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229...
Moderate | Unreviewed | CVE-2023-30405 was published Apr 28, 2023

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via...
Moderate | Unreviewed | CVE-2023-26782 was published Apr 28, 2023

Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote...
Moderate | Unreviewed | CVE-2020-23647 was published Apr 28, 2023

Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code...
Moderate | Unreviewed | CVE-2020-21643 was published Apr 28, 2023

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the ...
Moderate | Unreviewed | CVE-2023-30454 was published Apr 28, 2023

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is...
Moderate | Unreviewed | CVE-2023-25930 was published Apr 28, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate | Unreviewed | CVE-2023-29334 was published Apr 28, 2023

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information...
Moderate | Unreviewed | CVE-2023-1526 was published Apr 28, 2023

A potential security vulnerability has been identified in the system BIOS for certain HP PC...
Moderate | Unreviewed | CVE-2022-31643 was published Apr 28, 2023

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
Moderate | Unreviewed | CVE-2023-30123 was published Apr 28, 2023

Insecure Permissions vulnerability found in MagicJack A921 USB Phone Jack Rev 3.0 v.1.4 allows a...
Moderate | Unreviewed | CVE-2023-30024 was published Apr 28, 2023

IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0...
Moderate | Unreviewed | CVE-2020-4729 was published Apr 28, 2023

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page...
Moderate | Unreviewed | CVE-2023-29489 was published Apr 27, 2023

swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function...
Moderate | Unreviewed | CVE-2023-29950 was published Apr 27, 2023

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside...
Moderate | Unreviewed | CVE-2022-25091 was published Apr 27, 2023

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the...
Moderate | Unreviewed | CVE-2022-38730 was published Apr 27, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Moderate | Unreviewed | CVE-2023-28286 was published Apr 27, 2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Moderate | Unreviewed | CVE-2023-28261 was published Apr 27, 2023

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error...
Moderate | Unreviewed | CVE-2023-27860 was published Apr 27, 2023

Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers...
Moderate | Unreviewed | CVE-2023-30338 was published Apr 27, 2023

ProTip! Advisories are also available from the GraphQL API.