Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f.... Moderate Unreviewed
CVE-2024-8334 was published Aug 30, 2024
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been... Moderate Unreviewed
CVE-2024-8297 was published Aug 29, 2024
Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint... Low Unreviewed
CVE-2024-23194 was published Jul 11, 2024
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can... Critical Unreviewed
CVE-2024-0095 was published Jun 14, 2024
An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly... Moderate Unreviewed
CVE-2024-31845 was published May 21, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in... Moderate Unreviewed
CVE-2023-28952 was published May 3, 2024
Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs... Moderate Unreviewed
CVE-2023-39461 was published May 3, 2024
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection... High Unreviewed
CVE-2024-25047 was published May 2, 2024
flask-cors vulnerable to log injection when the log level is set to debug Moderate
CVE-2024-1681 was published for flask-cors (pip) Apr 19, 2024
bayandin
Sentry vulnerable to leaking superuser cleartext password in logs High
CVE-2024-32474 was published for sentry (pip) Apr 18, 2024
lluuaapp
Keycloak vulnerable to log Injection during WebAuthn authentication or registration Moderate
CVE-2023-6484 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM... Moderate Unreviewed
CVE-2024-22356 was published Mar 26, 2024
Potential log injection in reset user endpoint in CKAN Moderate
CVE-2024-27097 was published for ckan (pip) Mar 13, 2024
ZuhairORZaki
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate... Moderate Unreviewed
CVE-2023-38020 was published Feb 2, 2024
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1... Moderate Unreviewed
CVE-2024-0987 was published Jan 29, 2024
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed... Low Unreviewed
CVE-2024-22229 was published Jan 24, 2024
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected... Moderate Unreviewed
CVE-2023-7234 was published Jan 16, 2024
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7... Moderate Unreviewed
CVE-2023-46713 was published Dec 13, 2023
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated... High Unreviewed
CVE-2023-6002 was published Nov 8, 2023
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs.... Critical Unreviewed
CVE-2023-46321 was published Oct 23, 2023
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The... Critical Unreviewed
CVE-2023-46322 was published Oct 23, 2023
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in... Moderate Unreviewed
CVE-2023-4065 was published Sep 27, 2023
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can... High Unreviewed
CVE-2023-4571 was published Aug 30, 2023
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability... High Unreviewed
CVE-2023-3997 was published Jul 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database