GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
Rancher code injection via fluentd config commands
High | CVE-2019-12303 was published for github.com/rancher/rancher (Go) May 24, 2022

Apache Tomcat improperly escapes input from JsonErrorReportValve
High | CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023

Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
High | CVE-2017-17516 was published for rtv (pip) May 14, 2022

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to ...
High | Unreviewed | CVE-2019-17123 was published May 24, 2022

An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest...
High | Unreviewed | CVE-2023-2760 was published Jul 17, 2023

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a...
High | Unreviewed | CVE-2023-3665 was published Oct 4, 2023

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET...
High | Unreviewed | CVE-2023-27533 was published Mar 30, 2023

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that...
High | Unreviewed | CVE-2023-43835 was published Oct 2, 2023

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname...
High | Unreviewed | CVE-2023-41580 was published Oct 2, 2023

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to...
High | Unreviewed | CVE-2023-36250 was published Sep 14, 2023

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows...
High | Unreviewed | CVE-2023-39424 was published Sep 7, 2023

Mattermost fails to restrict which parameters' values it takes from the request during signup...
High | Unreviewed | CVE-2023-4478 was published Aug 25, 2023

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute...
High | Unreviewed | CVE-2020-28848 was published Aug 11, 2023

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the...
High | Unreviewed | CVE-2023-33242 was published Aug 10, 2023

An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2023-38609 was published Jul 28, 2023

Improper Input Validation vulnerability in the ContentType parameter for attachments on...
High | Unreviewed | CVE-2023-38060 was published Jul 24, 2023

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote...
High | Unreviewed | CVE-2023-34203 was published Jun 23, 2023

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second...
High | Unreviewed | CVE-2023-35810 was published Jun 18, 2023

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements...
High | Unreviewed | CVE-2023-30575 was published Jun 7, 2023

The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and...
High | Unreviewed | CVE-2019-25150 was published Jun 7, 2023

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows...
High | Unreviewed | CVE-2020-14987 was published May 24, 2022

A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11....
High | Unreviewed | CVE-2020-12855 was published May 24, 2022

Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution...
High | Unreviewed | CVE-2020-5604 was published May 24, 2022

CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.
High | Unreviewed | CVE-2019-13285 was published May 24, 2022

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and...
High | Unreviewed | CVE-2020-11709 was published May 24, 2022