GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,168
Erlang: 30
GitHub Actions: 19
Go: 1,975
Maven: 5,000+
npm: 3,698
NuGet: 654
pip: 3,314
Pub: 11
RubyGems: 882
Rust: 831
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
285 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-47320 was published on Oct 6, 2024

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor...
Moderate | Unreviewed | CVE-2024-7745 was published on Aug 28, 2024

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a...
Moderate | Unreviewed | CVE-2024-7744 was published on Aug 28, 2024

Twisted vulnerable to HTML injection in HTTP redirect body
Moderate | CVE-2024-41810 was published for twisted (pip) on Jul 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-37537 was published on Jul 21, 2024

github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Moderate | CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) on Jul 19, 2024

Microsoft WS-Discovery Denial of Service Vulnerability
High | Unreviewed | CVE-2024-38091 was published on Jul 9, 2024

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in...
Critical | Unreviewed | CVE-2024-39848 was published on Jun 30, 2024

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an...
High | Unreviewed | CVE-2024-36495 was published on Jun 24, 2024

ws affected by a DoS when handling a request with many HTTP headers
High | CVE-2024-37890 was published for ws (npm) on Jun 17, 2024

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and...
Moderate | Unreviewed | CVE-2023-5424 was published on Jun 7, 2024

Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High | CVE-2023-36821 was published for uptime-kuma (npm) on May 1, 2024

Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical | CVE-2024-28179 was published for jupyter-server-proxy (pip) on Mar 20, 2024

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can...
High | Unreviewed | CVE-2022-34269 was published on Feb 29, 2024

Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker...
High | Unreviewed | CVE-2024-24476 was published on Feb 21, 2024

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been...
High | Unreviewed | CVE-2024-1474 was published on Feb 21, 2024

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC...
Moderate | Unreviewed | CVE-2023-6374 was published on Jan 30, 2024

Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
High | CVE-2024-22198 was published for github.com/0xJacky/Nginx-UI (Go) on Jan 11, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2023-52135 was published on Dec 29, 2023

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value...
Critical | Unreviewed | CVE-2022-34267 was published on Dec 25, 2023

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd...
Moderate | Unreviewed | CVE-2023-7090 was published on Dec 24, 2023

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege...
High | Unreviewed | CVE-2023-42465 was published on Dec 22, 2023

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been...
High | Unreviewed | CVE-2023-42659 was published on Nov 14, 2023

Directus crashes on invalid WebSocket message
High | CVE-2023-45820 was published for directus (npm) on Oct 19, 2023

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to...
Moderate | Unreviewed | CVE-2023-5113 was published on Oct 4, 2023

ProTip! Advisories are also available from the GraphQL API.