GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.
1,091 advisories match the current filter.
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271). Severity: High. CVE-2023-51664, published Jan 2, 2024 for tj-actions/changed-files (GitHub Actions).
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker... Severity: High, unreviewed. CVE-2023-7114, published Dec 29, 2023.
ewen-lbh/ffcss Late-Unicode normalization vulnerability. Severity: Moderate. CVE-2023-52081, published Dec 28, 2023 for github.com/ewen-lbh/ffcss (Go).
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication... Severity: High, unreviewed. CVE-2023-49328, published Dec 25, 2023.
A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210.... Severity: Moderate, unreviewed. CVE-2023-7039, published Dec 21, 2023.
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI... Severity: Moderate, unreviewed. CVE-2023-35895, published Dec 20, 2023.
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell... Severity: Critical, unreviewed. CVE-2023-46456, published Dec 12, 2023.
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting... Severity: High, unreviewed. CVE-2023-49964, published Dec 11, 2023.
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. Severity: High, unreviewed. CVE-2023-48830, published Dec 7, 2023.
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Severity: High, unreviewed. CVE-2023-48835, published Dec 7, 2023.
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the... Severity: High, unreviewed. CVE-2023-48826, published Dec 7, 2023.
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Severity: High, unreviewed. CVE-2023-48841, published Dec 7, 2023.
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated... Severity: Moderate, unreviewed. CVE-2023-48205, published Dec 7, 2023.
Mattermost Injection vulnerability. Severity: High. CVE-2023-6458, published Dec 6, 2023 for github.com/mattermost/mattermost-server/v6 (Go).
This Template Injection vulnerability allows an authenticated attacker, including one with... Severity: Critical, unreviewed. CVE-2023-22522, published Dec 6, 2023.
Mattermost Injection vulnerability. Severity: Low. CVE-2023-35075, published Nov 27, 2023 for github.com/mattermost/mattermost-server/v6 (Go).
Usedesk before 1.7.57 allows chat template injection. Severity: Critical, unreviewed. CVE-2023-49214, published Nov 24, 2023.
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user... Severity: Critical, unreviewed. CVE-2023-5340, published Nov 20, 2023.
Apache Derby: LDAP injection vulnerability in authenticator. Severity: Critical. CVE-2022-46337, published Nov 20, 2023 for org.apache.derby:derby (Maven).
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or... Severity: Moderate, unreviewed. CVE-2023-6174, published Nov 16, 2023.
An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive... Severity: High, unreviewed. CVE-2023-48199, published Nov 16, 2023.
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Severity: Critical, unreviewed. CVE-2023-44373, published Nov 14, 2023.
Magnesium-PHP Injection vulnerability. Severity: Low. CVE-2017-20187, published Nov 5, 2023 for floriangaerber/magnesium (Composer).
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9... Severity: Moderate, unreviewed. CVE-2023-4767, published Nov 3, 2023.
Dolibarr Improper Input Validation vulnerability. Severity: High. CVE-2023-4197, published Nov 1, 2023 for dolibarr/dolibarr (Composer).
Advisories are also available from the GraphQL API.