GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
468 advisories
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-23268 was published Mar 8, 2024

An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-23274 was published Mar 8, 2024

Pimcore Host Header Injection in user invitation link
High | CVE-2024-25625 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 20, 2024

MantisBT Host Header Injection vulnerability
High | CVE-2024-23830 was published for mantisbt/mantisbt (Composer) Feb 20, 2024

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could...
High | Unreviewed | CVE-2024-22319 was published Feb 2, 2024

An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0...
High | Unreviewed | CVE-2023-51939 was published Feb 1, 2024

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
High | CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024

Host header injection in the password reset
High | CVE-2024-23648 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High | Unreviewed | CVE-2023-42136 was published Jan 15, 2024

PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
High | Unreviewed | CVE-2023-4818 was published Jan 15, 2024

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter...
High | Unreviewed | CVE-2023-29050 was published Jan 8, 2024

CouchAuth host header injection vulnerability leaks the password reset token
High | CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024

tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
High | CVE-2023-51664 was published for tj-actions/changed-files (GitHub Actions) Jan 2, 2024

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker...
High | Unreviewed | CVE-2023-7114 was published Dec 29, 2023

On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication...
High | Unreviewed | CVE-2023-49328 was published Dec 25, 2023

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting...
High | Unreviewed | CVE-2023-49964 was published Dec 11, 2023

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High | Unreviewed | CVE-2023-48841 was published Dec 7, 2023

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the...
High | Unreviewed | CVE-2023-48826 was published Dec 7, 2023

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High | Unreviewed | CVE-2023-48835 was published Dec 7, 2023

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
High | Unreviewed | CVE-2023-48830 was published Dec 7, 2023

Mattermost Injection vulnerability
High | CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023

An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive...
High | Unreviewed | CVE-2023-48199 was published Nov 16, 2023

Dolibarr Improper Input Validation vulnerability
High | CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023

juzawebCMS Injection vulnerability
High | CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
ProTip! Advisories are also available from the GraphQL API.