Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

108,708 advisories

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross... Moderate Unreviewed
CVE-2023-30792 was published Apr 29, 2023
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting.... Moderate Unreviewed
CVE-2022-43871 was published Apr 29, 2023
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server,... Moderate Unreviewed
CVE-2023-31485 was published Apr 29, 2023
A valid, authenticated administrative user can query a web interface API to reveal the configured... Moderate Unreviewed
CVE-2023-25495 was published Apr 29, 2023
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other... Moderate Unreviewed
CVE-2023-29058 was published Apr 28, 2023
A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229... Moderate Unreviewed
CVE-2023-30405 was published Apr 28, 2023
An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via... Moderate Unreviewed
CVE-2023-26782 was published Apr 28, 2023
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote... Moderate Unreviewed
CVE-2020-23647 was published Apr 28, 2023
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code... Moderate Unreviewed
CVE-2020-21643 was published Apr 28, 2023
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the ... Moderate Unreviewed
CVE-2023-30454 was published Apr 28, 2023
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is... Moderate Unreviewed
CVE-2023-25930 was published Apr 28, 2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Unreviewed
CVE-2023-29334 was published Apr 28, 2023
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information... Moderate Unreviewed
CVE-2023-1526 was published Apr 28, 2023
A potential security vulnerability has been identified in the system BIOS for certain HP PC... Moderate Unreviewed
CVE-2022-31643 was published Apr 28, 2023
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. Moderate Unreviewed
CVE-2023-30123 was published Apr 28, 2023
Insecure Permissions vulnerability found in MagicJack A921 USB Phone Jack Rev 3.0 v.1.4 allows a... Moderate Unreviewed
CVE-2023-30024 was published Apr 28, 2023
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0... Moderate Unreviewed
CVE-2020-4729 was published Apr 28, 2023
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page... Moderate Unreviewed
CVE-2023-29489 was published Apr 27, 2023
swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function... Moderate Unreviewed
CVE-2023-29950 was published Apr 27, 2023
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside... Moderate Unreviewed
CVE-2022-25091 was published Apr 27, 2023
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the... Moderate Unreviewed
CVE-2022-38730 was published Apr 27, 2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2023-28286 was published Apr 27, 2023
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Moderate Unreviewed
CVE-2023-28261 was published Apr 27, 2023
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error... Moderate Unreviewed
CVE-2023-27860 was published Apr 27, 2023
Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers... Moderate Unreviewed
CVE-2023-30338 was published Apr 27, 2023
ProTip! Advisories are also available from the GraphQL API