GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
467 advisories
Filter by severity
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
High
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Ankitects Anki arbitrary script execution vulnerability
High
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All...
High
Unreviewed
CVE-2024-50572
was published
Nov 12, 2024
A user controlled parameter related to SMTP test functionality is not correctly validated making...
High
Unreviewed
CVE-2021-31988
was published
May 24, 2022
Plenti arbitrary file deletion vulnerability
High
CVE-2024-49381
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Plenti arbitrary file write vulnerability
High
CVE-2024-49380
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High
Unreviewed
CVE-2023-26130
was published
May 30, 2023
Remote Code Execution in Red Discord Bot
High
CVE-2020-15147
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon...
High
Unreviewed
CVE-2021-39128
was published
May 24, 2022
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High
Unreviewed
CVE-2023-42136
was published
Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
High
Unreviewed
CVE-2023-4818
was published
Jan 15, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
High
CVE-2024-46986
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High
Unreviewed
CVE-2023-48841
was published
Dec 7, 2023
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account...
High
Unreviewed
CVE-2021-39114
was published
Apr 6, 2022
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,...
High
Unreviewed
CVE-2023-3922
was published
Sep 29, 2023
SQL Injection in Apache InLong
High
CVE-2023-43667
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
Denial of service attack via incorrect parameters in Matrix Synapse
High
CVE-2020-26257
was published
for
matrix-synapse
(pip)
Dec 9, 2020
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to...
High
Unreviewed
CVE-2024-43388
was published
Sep 10, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
High
CVE-2024-42370
was published
for
litestar
(pip)
Aug 9, 2024
•
withdrawn
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2...
High
Unreviewed
CVE-2023-31209
was published
Aug 10, 2023
ProTip!
Advisories are also available from the
GraphQL API