GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem)
All reviewed: 5,000+
Composer: 4,273
Erlang: 31
GitHub Actions: 21
Go: 2,055
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,417
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
37 advisories
Langchain SQL Injection vulnerability
Low severity. CVE-2024-8309, published for langchain (pip) on Oct 29, 2024.

cookie accepts cookie name, path, and domain with out of bounds characters
Low severity. CVE-2024-47764, published for cookie (npm) on Oct 4, 2024.

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior...
Low severity, unreviewed. CVE-2024-0231, published Jul 25, 2024.

dbt has an implicit override for built-in materializations from installed packages
Low severity. CVE-2024-40637, published for dbt-core (pip) on Jul 17, 2024.

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low severity, unreviewed. CVE-2024-35777, published Jul 9, 2024.

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low severity, unreviewed. CVE-2024-37253, published Jul 9, 2024.

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low severity, unreviewed. CVE-2024-37442, published Jul 9, 2024.

Monolog Header injection in NativeMailerHandler
Low severity. GHSA-f57v-q966-7fh6, published for monolog/monolog (Composer) on May 15, 2024.

Contao: Unencoded insert tags in the frontend
Low severity. CVE-2024-28191, published for contao/core-bundle (Composer) on Apr 9, 2024.

Xuxueli xxl-job template injection vulnerability
Low severity. CVE-2024-3366, published for com.xuxueli:xxl-job-core (Maven) on Apr 6, 2024.

RDoc RCE vulnerability with .rdoc_options
Low severity. CVE-2024-27281, published for rdoc (RubyGems) on Mar 25, 2024.

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit...
Low severity, unreviewed. CVE-2023-6004, published Jan 3, 2024.

Mattermost Injection vulnerability
Low severity. CVE-2023-35075, published for github.com/mattermost/mattermost-server/v6 (Go) on Nov 27, 2023.

Magnesium-PHP Injection vulnerability
Low severity. CVE-2017-20187, published for floriangaerber/magnesium (Composer) on Nov 5, 2023.

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can...
Low severity, unreviewed. CVE-2022-23721, published Apr 25, 2023.

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID...
Low severity, unreviewed. CVE-2023-29383, published Apr 15, 2023.

Unsanitized input leading to code injection in Dalli
Low severity. CVE-2022-4064, published for dalli (RubyGems) on Nov 19, 2022.

All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains...
Low severity, unreviewed. CVE-2020-16230, published May 24, 2022.

An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the...
Low severity, unreviewed. CVE-2020-25048, published May 24, 2022.

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a...
Low severity, unreviewed. CVE-2020-1443, published May 24, 2022.

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private...
Low severity, unreviewed. CVE-2020-15011, published May 24, 2022.

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can...
Low severity, unreviewed. CVE-2020-14965, published May 24, 2022.

Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
Low severity, unreviewed. CVE-2020-13480, published May 24, 2022.

Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2...
Low severity, unreviewed. CVE-2017-18860, published May 24, 2022.
Advisories are also available from the GraphQL API.