GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,154 advisories
Filter by severity
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Un-sanitized metric name or labels can be used to take over exported metrics
Moderate
CVE-2024-28867
was published
for
github.com/swift-server/swift-prometheus
(Swift)
Mar 29, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
RDoc RCE vulnerability with .rdoc_options
Low
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
TurboBoost Commands vulnerable to arbitrary method invocation
High
CVE-2024-28181
was published
for
@turbo-boost/commands
(RubyGems)
Mar 15, 2024
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x...
Moderate
Unreviewed
CVE-2024-2445
was published
Mar 15, 2024
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server....
Moderate
Unreviewed
CVE-2024-1883
was published
Mar 14, 2024
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
An injection vulnerability has been reported to affect several QNAP operating system versions. If...
Moderate
Unreviewed
CVE-2024-21900
was published
Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23268
was published
Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23274
was published
Mar 8, 2024
Improper neutralization of special elements in output (CWE-74) used by the email generation...
Moderate
Unreviewed
CVE-2024-21838
was published
Mar 5, 2024
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected...
Moderate
Unreviewed
CVE-2024-2064
was published
Mar 1, 2024
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The...
Moderate
Unreviewed
CVE-2024-1619
was published
Feb 29, 2024
Pimcore Host Header Injection in user invitation link
High
CVE-2024-25625
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 20, 2024
MantisBT Host Header Injection vulnerability
High
CVE-2024-23830
was published
for
mantisbt/mantisbt
(Composer)
Feb 20, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could...
High
Unreviewed
CVE-2024-22319
was published
Feb 2, 2024
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0...
High
Unreviewed
CVE-2023-51939
was published
Feb 1, 2024
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
High
CVE-2024-23828
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Host header injection in the password reset
High
CVE-2024-23648
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the...
Moderate
Unreviewed
CVE-2021-4227
was published
Jan 16, 2024
Summary of Vulnerability
A template injection vulnerability on older versions of Confluence Data...
Critical
Unreviewed
CVE-2023-22527
was published
Jan 16, 2024
ProTip!
Advisories are also available from the
GraphQL API