Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

469 advisories

Loading
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. High Unreviewed
CVE-2023-48841 was published Dec 7, 2023
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can... High Unreviewed
CVE-2023-42136 was published Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature... High Unreviewed
CVE-2023-4818 was published Jan 15, 2024
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon... High Unreviewed
CVE-2021-39128 was published May 24, 2022
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Jackenmen
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when... High Unreviewed
CVE-2023-26130 was published May 30, 2023
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Plenti arbitrary file deletion vulnerability High
CVE-2024-49381 was published for github.com/plentico/plenti (Go) Oct 31, 2024
A user controlled parameter related to SMTP test functionality is not correctly validated making... High Unreviewed
CVE-2021-31988 was published May 24, 2022
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All... High Unreviewed
CVE-2024-50572 was published Nov 12, 2024
Ankitects Anki arbitrary script execution vulnerability High
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
HTTP response splitting in uvicorn High
CVE-2020-7695 was published for uvicorn (pip) Jul 29, 2020
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.... High Unreviewed
CVE-2023-24539 was published May 11, 2023
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails High
CVE-2024-53860 was published for spencer14420/sp-php-email-handler (Composer) Nov 27, 2024
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4,... High Unreviewed
CVE-2024-23280 was published Mar 8, 2024
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty... High Unreviewed
CVE-2023-29400 was published May 11, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database