Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed
CVE-2024-39704 was published Jul 3, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed
CVE-2024-34919 was published May 17, 2024
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
Server-Side Template Injection in formio Critical
CVE-2020-28246 was published for formio (npm) Jun 3, 2022
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions... Critical Unreviewed
CVE-2023-33566 was published Jun 27, 2023
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
Fat-Free Framework arbitrary code execution Critical
CVE-2020-5203 was published for bcosca/fatfree (Composer) May 24, 2022
CodeIgniter arbitrary code execution Critical
CVE-2016-10131 was published for codeigniter4/framework (Composer) May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to... Critical Unreviewed
CVE-2022-47583 was published Oct 19, 2023
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the... Critical Unreviewed
CVE-2023-1523 was published Sep 1, 2023
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via... Critical Unreviewed
CVE-2022-24989 was published Aug 20, 2023
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a... Critical Unreviewed
CVE-2023-33241 was published Aug 10, 2023
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template... Critical Unreviewed
CVE-2023-36210 was published Aug 1, 2023
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed
CVE-2023-24540 was published May 11, 2023
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager... Critical Unreviewed
CVE-2020-15348 was published May 24, 2022
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64... Critical Unreviewed
CVE-2020-5505 was published May 24, 2022
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by... Critical Unreviewed
CVE-2019-19330 was published May 24, 2022
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may... Critical Unreviewed
CVE-2019-9535 was published May 24, 2022
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. Critical Unreviewed
CVE-2017-18583 was published May 24, 2022
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as... Critical Unreviewed
CVE-2019-12966 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database