GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
469 advisories
Filter by severity
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty...
High
Unreviewed
CVE-2023-29400
was published
May 11, 2023
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4,...
High
Unreviewed
CVE-2024-23280
was published
Mar 8, 2024
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
High
CVE-2024-53860
was published
for
spencer14420/sp-php-email-handler
(Composer)
Nov 27, 2024
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts....
High
Unreviewed
CVE-2023-24539
was published
May 11, 2023
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
High
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Ankitects Anki arbitrary script execution vulnerability
High
CVE-2024-26020
was published
for
anki
(pip)
Jul 22, 2024
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All...
High
Unreviewed
CVE-2024-50572
was published
Nov 12, 2024
A user controlled parameter related to SMTP test functionality is not correctly validated making...
High
Unreviewed
CVE-2021-31988
was published
May 24, 2022
Plenti arbitrary file deletion vulnerability
High
CVE-2024-49381
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Plenti arbitrary file write vulnerability
High
CVE-2024-49380
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High
Unreviewed
CVE-2023-26130
was published
May 30, 2023
Remote Code Execution in Red Discord Bot
High
CVE-2020-15147
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon...
High
Unreviewed
CVE-2021-39128
was published
May 24, 2022
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High
Unreviewed
CVE-2023-42136
was published
Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
High
Unreviewed
CVE-2023-4818
was published
Jan 15, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
High
CVE-2024-46986
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High
Unreviewed
CVE-2023-48841
was published
Dec 7, 2023
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account...
High
Unreviewed
CVE-2021-39114
was published
Apr 6, 2022
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,...
High
Unreviewed
CVE-2023-3922
was published
Sep 29, 2023
SQL Injection in Apache InLong
High
CVE-2023-43667
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
Denial of service attack via incorrect parameters in Matrix Synapse
High
CVE-2020-26257
was published
for
matrix-synapse
(pip)
Dec 9, 2020
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
ProTip!
Advisories are also available from the
GraphQL API