GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem (all reviewed: 5,000+): Composer 4,279; Erlang 31; GitHub Actions 21; Go 2,056; Maven 5,000+; npm 3,740; NuGet 668; pip 3,421; Pub 12; RubyGems 891; Rust 873; Swift 36.
Unreviewed advisories (all unreviewed): 5,000+
469 advisories (listed below).
Title | Severity | Status | Identifier | Package (ecosystem) | Published
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options.... | High | Unreviewed | CVE-2022-37027 | - | Sep 22, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection | High | - | CVE-2020-12790 | nystudio107/craft-seomatic (Composer) | May 24, 2022
activesupport in Rails vulnerable to incorrect data conversion | High | - | CVE-2013-0333 | activesupport (RubyGems) | Oct 24, 2017
b3log Wide unauthenticated file access | High | - | CVE-2019-13915 | github.com/b3log/wide (Go) | May 24, 2022
RubyGems Escape sequence injection in errors | High | - | CVE-2019-8325 | rubygems-update (RubyGems) | Jun 20, 2019
RubyGems Escape sequence injection vulnerability in api response handling | High | - | CVE-2019-8323 | rubygems-update (RubyGems) | Jun 20, 2019
Arbitrary Code Execution in json-ptr | High | - | CVE-2020-7766 | json-ptr (npm) | May 10, 2021
Injection and Cross-site Scripting in osm-static-maps | High | - | CVE-2020-7749 | osm-static-maps (npm) | May 10, 2021
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio | High | withdrawn | GHSA-jwpw-q68h-r678 | dio (Pub) | May 24, 2022
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of... | High | Unreviewed | CVE-2020-9406 | - | May 24, 2022
Clamscan vulnerable to command injection | High | - | CVE-2020-7613 | clamscan (npm) | May 24, 2022
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the... | High | Unreviewed | CVE-2021-24002 | - | May 24, 2022
Opencast RCE Vulnerability | High | - | CVE-2017-1000217 | org.opencastproject:base (Maven) | May 14, 2022
Withdrawn Advisory: HTML injections in BTCPayServer | High | withdrawn | CVE-2023-0493 | BTCPayServer.Client (NuGet) | Jan 27, 2023
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated... | High | Unreviewed | CVE-2022-39016 | - | Nov 1, 2022
Ingress nginx annotation injection causes arbitrary command execution | High | - | CVE-2023-5043 | k8s.io/ingress-nginx (Go) | Oct 25, 2023
HTML injection in search results via plaintext message highlighting | High | - | CVE-2023-30609 | matrix-react-sdk (npm) | Apr 25, 2023
crack does not properly restrict casts of string values | High | - | CVE-2013-1800 | crack (RubyGems) | Oct 24, 2017
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension | High | - | CVE-2023-32679 | craftcms/cms (Composer) | May 22, 2023
XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon | High | - | CVE-2023-29518 | org.xwiki.platform:xwiki-platform-invitation-ui (Maven) | Apr 20, 2023
XWiki Platform vulnerable to code injection from account/view through VFS Tree macro | High | - | CVE-2023-29521 | org.xwiki.platform:xwiki-platform-vfs-ui (Maven) | Apr 20, 2023
XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet | High | - | CVE-2023-29522 | org.xwiki.platform:xwiki-platform-xclass-ui (Maven) | Apr 20, 2023
org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection | High | - | CVE-2023-29519 | org.xwiki.platform:xwiki-platform-attachment-ui (Maven) | Apr 20, 2023
RubyGems Escape sequence injection vulnerability in gem owner | High | - | CVE-2019-8322 | rubygems-update (RubyGems) | Jun 20, 2019
Remote code execution in dependabot-core branch names when cloning | High | - | CVE-2020-26222 | dependabot-common (RubyGems) | Nov 13, 2020
Advisories are also available from the GraphQL API.