GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
317 advisories
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to...
High | Unreviewed | CVE-2024-43388 was published Sep 10, 2024
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable...
High | Unreviewed | CVE-2024-6331 was published Aug 4, 2024
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run...
High | Unreviewed | CVE-2023-46304 was published Apr 30, 2024
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High | Unreviewed | CVE-2024-1882 was published Mar 14, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-23268 was published Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-23274 was published Mar 8, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could...
High | Unreviewed | CVE-2024-22319 was published Feb 2, 2024
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0...
High | Unreviewed | CVE-2023-51939 was published Feb 1, 2024
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High | Unreviewed | CVE-2023-42136 was published Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
High | Unreviewed | CVE-2023-4818 was published Jan 15, 2024
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter...
High | Unreviewed | CVE-2023-29050 was published Jan 8, 2024
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker...
High | Unreviewed | CVE-2023-7114 was published Dec 29, 2023
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication...
High | Unreviewed | CVE-2023-49328 was published Dec 25, 2023
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting...
High | Unreviewed | CVE-2023-49964 was published Dec 11, 2023
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the...
High | Unreviewed | CVE-2023-48826 was published Dec 7, 2023
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
High | Unreviewed | CVE-2023-48830 was published Dec 7, 2023
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High | Unreviewed | CVE-2023-48835 was published Dec 7, 2023
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High | Unreviewed | CVE-2023-48841 was published Dec 7, 2023
An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive...
High | Unreviewed | CVE-2023-48199 was published Nov 16, 2023
Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may...
High | Unreviewed | CVE-2023-44109 was published Oct 11, 2023
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a...
High | Unreviewed | CVE-2023-3665 was published Oct 4, 2023
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that...
High | Unreviewed | CVE-2023-43835 was published Oct 2, 2023
Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname...
High | Unreviewed | CVE-2023-41580 was published Oct 2, 2023
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,...
High | Unreviewed | CVE-2023-3922 was published Sep 29, 2023
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to...
High | Unreviewed | CVE-2023-36250 was published Sep 14, 2023