Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
Langchain Server-Side Request Forgery vulnerability High
CVE-2023-32786 was published for langchain (pip) Oct 21, 2023
eyurtsev
SQL Injection in Apache InLong High
CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may... High Unreviewed
CVE-2023-44109 was published Oct 11, 2023
ThingsBoard Server-Side Template Injection High
CVE-2023-45303 was published for org.thingsboard:thingsboard (Maven) Oct 6, 2023
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a... High Unreviewed
CVE-2023-3665 was published Oct 4, 2023
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that... High Unreviewed
CVE-2023-43835 was published Oct 2, 2023
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname... High Unreviewed
CVE-2023-41580 was published Oct 2, 2023
Composer Remote Code Execution vulnerability via web-accessible composer.phar High
CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
thomas-chauchefoin-sonarsource
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,... High Unreviewed
CVE-2023-3922 was published Sep 29, 2023
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to... High Unreviewed
CVE-2023-36250 was published Sep 14, 2023
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows... High Unreviewed
CVE-2023-39424 was published Sep 7, 2023
Sandbox escape via various forms of "format". High
CVE-2023-41039 was published for RestrictedPython (pip) Aug 30, 2023
ankush abhishekg999
d-maurer icemac Quasar0147
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can... High Unreviewed
CVE-2023-4571 was published Aug 30, 2023
Mattermost fails to restrict which parameters' values it takes from the request during signup... High Unreviewed
CVE-2023-4478 was published Aug 25, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute... High Unreviewed
CVE-2020-28848 was published Aug 11, 2023
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2... High Unreviewed
CVE-2023-31209 was published Aug 10, 2023
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the... High Unreviewed
CVE-2023-33242 was published Aug 10, 2023
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability... High Unreviewed
CVE-2023-3997 was published Jul 31, 2023
An injection issue was addressed with improved input validation. This issue is fixed in macOS... High Unreviewed
CVE-2023-38609 was published Jul 28, 2023
Improper Input Validation vulnerability in the ContentType parameter for attachments on... High Unreviewed
CVE-2023-38060 was published Jul 24, 2023
grav Server-side Template Injection (SSTI) mitigation bypass High
CVE-2023-37897 was published for getgrav/grav (Composer) Jul 19, 2023
s4ex Malayke
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest... High Unreviewed
CVE-2023-2760 was published Jul 17, 2023
zenstruck/collection passing callable string to EntityRepository::find() and query() High
CVE-2023-37473 was published for zenstruck/collection (Composer) Jul 14, 2023
kbond
Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration High
CVE-2023-33234 was published for apache-airflow-providers-cncf-kubernetes (pip) Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database