GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,946
Erlang: 29
GitHub Actions: 16
Go: 1,734
Maven: 4,963
npm: 3,493
NuGet: 607
pip: 3,059
Pub: 10
RubyGems: 832
Rust: 779
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
1,049 advisories
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user...
Critical | Unreviewed | CVE-2023-5340 was published Nov 20, 2023
Apache Derby: LDAP injection vulnerability in authenticator
Critical | CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or...
Moderate | Unreviewed | CVE-2023-6174 was published Nov 16, 2023
An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive...
High | Unreviewed | CVE-2023-48199 was published Nov 16, 2023
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Critical | Unreviewed | CVE-2023-44373 was published Nov 14, 2023
Magnesium-PHP Injection vulnerability
Low | CVE-2017-20187 was published for floriangaerber/magnesium (Composer) Nov 5, 2023
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9...
Moderate | Unreviewed | CVE-2023-4767 was published Nov 3, 2023
Dolibarr Improper Input Validation vulnerability
High | CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow...
Moderate | Unreviewed | CVE-2023-4393 was published Oct 30, 2023
juzawebCMS Injection vulnerability
High | CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
Ingress nginx annotation injection causes arbitrary command execution
High | CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Langchain SQL Injection vulnerability
Critical | CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
Langchain Server-Side Request Forgery vulnerability
High | CVE-2023-32786 was published for langchain (pip) Oct 21, 2023
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to...
Critical | Unreviewed | CVE-2022-47583 was published Oct 19, 2023
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary...
Moderate | Unreviewed | CVE-2023-45540 was published Oct 17, 2023
Cachet vulnerable to Authenticated Remote Code Execution
Critical | CVE-2023-43661 was published for cachethq/cachet (Composer) Oct 16, 2023
Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may...
High | Unreviewed | CVE-2023-44109 was published Oct 11, 2023
ThingsBoard Server-Side Template Injection
High | CVE-2023-45303 was published for org.thingsboard:thingsboard (Maven) Oct 6, 2023
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote,...
Moderate | Unreviewed | CVE-2022-4145 was published Oct 5, 2023
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a...
High | Unreviewed | CVE-2023-3665 was published Oct 4, 2023
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that...
High | Unreviewed | CVE-2023-43835 was published Oct 2, 2023
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname...
High | Unreviewed | CVE-2023-41580 was published Oct 2, 2023
PostCSS line return parsing error
Moderate | CVE-2023-44270 was published for postcss (npm) Sep 30, 2023
Composer Remote Code Execution vulnerability via web-accessible composer.phar
High | CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,...
High | Unreviewed | CVE-2023-3922 was published Sep 29, 2023
ProTip! Advisories are also available from the GraphQL API.