GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
319 advisories
Filter by severity
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty...
High
Unreviewed
CVE-2023-29400
was published
May 11, 2023
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4,...
High
Unreviewed
CVE-2024-23280
was published
Mar 8, 2024
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts....
High
Unreviewed
CVE-2023-24539
was published
May 11, 2023
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All...
High
Unreviewed
CVE-2024-50572
was published
Nov 12, 2024
A user controlled parameter related to SMTP test functionality is not correctly validated making...
High
Unreviewed
CVE-2021-31988
was published
May 24, 2022
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High
Unreviewed
CVE-2023-26130
was published
May 30, 2023
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon...
High
Unreviewed
CVE-2021-39128
was published
May 24, 2022
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High
Unreviewed
CVE-2023-42136
was published
Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
High
Unreviewed
CVE-2023-4818
was published
Jan 15, 2024
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High
Unreviewed
CVE-2023-48841
was published
Dec 7, 2023
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account...
High
Unreviewed
CVE-2021-39114
was published
Apr 6, 2022
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,...
High
Unreviewed
CVE-2023-3922
was published
Sep 29, 2023
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to...
High
Unreviewed
CVE-2024-43388
was published
Sep 10, 2024
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2...
High
Unreviewed
CVE-2023-31209
was published
Aug 10, 2023
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable...
High
Unreviewed
CVE-2024-6331
was published
Aug 4, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23268
was published
Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-23274
was published
Mar 8, 2024
DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1...
High
Unreviewed
CVE-2020-8515
was published
May 24, 2022
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run...
High
Unreviewed
CVE-2023-46304
was published
Apr 30, 2024
By sending specific queries to the resolver, an attacker can cause named to crash.
High
Unreviewed
CVE-2022-3080
was published
Sep 22, 2022
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest...
High
Unreviewed
CVE-2023-2760
was published
Jul 17, 2023
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to ...
High
Unreviewed
CVE-2019-17123
was published
May 24, 2022
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a...
High
Unreviewed
CVE-2023-3665
was published
Oct 4, 2023
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET...
High
Unreviewed
CVE-2023-27533
was published
Mar 30, 2023
ProTip!
Advisories are also available from the
GraphQL API