GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8...
High
Unreviewed
CVE-2023-20858 was published Feb 22, 2023
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user...
High
Unreviewed
CVE-2023-25719 was published Feb 13, 2023
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of...
High
Unreviewed
CVE-2023-27635 was published Mar 6, 2023
An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14...
High
Unreviewed
CVE-2022-42797 was published Feb 27, 2023
In some scenarios, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430,...
High
Unreviewed
CVE-2023-25616 was published Mar 14, 2023
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of...
High
Unreviewed
CVE-2023-25617 was published Mar 14, 2023
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
High
CVE-2022-31179 was published for shescape (npm) Jul 15, 2022
delight-nashorn-sandbox 0.2.4 and 0.2.5 are vulnerable to sandbox escape. When allowExitFunctions...
High
Unreviewed
CVE-2023-26919 was published Apr 10, 2023
Command injection in cocoapods-downloader
High
CVE-2022-21223 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
Command injection in cocoapods-downloader
High
CVE-2022-24440 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
Code Injection vulnerability in CarrierWave::RMagick
High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who...
High
Unreviewed
CVE-2022-46873 was published Dec 22, 2022
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2,...
High
Unreviewed
CVE-2022-43769 was published Apr 3, 2023
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x...
High
Unreviewed
CVE-2020-26116 was published May 24, 2022
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040 was published for github.com/swift-server/async-http-client (Swift) Jun 7, 2023
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via...
High
Unreviewed
CVE-2022-3724 was published Dec 9, 2022
A vulnerability exists in the http web interface where the web interface does not validate data...
High
Unreviewed
CVE-2021-40336 was published Jul 26, 2022
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
High
Unreviewed
CVE-2022-41716 was published Nov 2, 2022
Multiple vulnerabilities through filename manipulation in Archive_Tar
High
CVE-2020-28949 was published for pear/archive_tar (Composer) Apr 22, 2021
PEAR core file overwrite vulnerability
High
CVE-2017-5630 was published for pear/pear (Composer) May 13, 2022
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated,...
High
Unreviewed
CVE-2022-20693 was published Apr 16, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High
Unreviewed
CVE-2022-20718 was published Apr 16, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High
Unreviewed
CVE-2022-20719 was published Apr 16, 2022
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur...
High
Unreviewed
CVE-2020-11928 was published May 24, 2022
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for...
High
Unreviewed
CVE-2022-25366 was published Feb 20, 2022
ProTip! Advisories are also available from the GraphQL API.