Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
HTTP response splitting in uvicorn High
CVE-2020-7695 was published for uvicorn (pip) Jul 29, 2020
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
Ankitects Anki arbitrary script execution vulnerability High
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All... High Unreviewed
CVE-2024-50572 was published Nov 12, 2024
A user controlled parameter related to SMTP test functionality is not correctly validated making... High Unreviewed
CVE-2021-31988 was published May 24, 2022
Plenti arbitrary file deletion vulnerability High
CVE-2024-49381 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when... High Unreviewed
CVE-2023-26130 was published May 30, 2023
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Jackenmen
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon... High Unreviewed
CVE-2021-39128 was published May 24, 2022
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can... High Unreviewed
CVE-2023-42136 was published Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature... High Unreviewed
CVE-2023-4818 was published Jan 15, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. High Unreviewed
CVE-2023-48841 was published Dec 7, 2023
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account... High Unreviewed
CVE-2021-39114 was published Apr 6, 2022
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,... High Unreviewed
CVE-2023-3922 was published Sep 29, 2023
SQL Injection in Apache InLong High
CVE-2023-43667 was published for org.apache.inlong:inlong (Maven) Oct 16, 2023
This vulnerability allows an already authenticated admin user to create a malicious payload that... High Unreviewed
CVE-2024-1882 was published Mar 14, 2024
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to... High Unreviewed
CVE-2024-43388 was published Sep 10, 2024
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2... High Unreviewed
CVE-2023-31209 was published Aug 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database