GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,383
Erlang: 33
GitHub Actions: 22
Go: 2,141
Maven: 5,000+
npm: 3,803
NuGet: 687
pip: 3,479
Pub: 12
RubyGems: 897
Rust: 898
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
475 advisories
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to...
High | Unreviewed | CVE-2023-36250 | published Sep 14, 2023

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows...
High | Unreviewed | CVE-2023-39424 | published Sep 7, 2023

Mattermost fails to restrict which parameters' values it takes from the request during signup...
High | Unreviewed | CVE-2023-4478 | published Aug 25, 2023

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute...
High | Unreviewed | CVE-2020-28848 | published Aug 11, 2023

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the...
High | Unreviewed | CVE-2023-33242 | published Aug 10, 2023

An injection issue was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2023-38609 | published Jul 28, 2023

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote...
High | Unreviewed | CVE-2023-34203 | published Jun 23, 2023

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second...
High | Unreviewed | CVE-2023-35810 | published Jun 18, 2023

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements...
High | Unreviewed | CVE-2023-30575 | published Jun 7, 2023

The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and...
High | Unreviewed | CVE-2019-25150 | published Jun 7, 2023

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows...
High | Unreviewed | CVE-2020-14987 | published May 24, 2022

A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11....
High | Unreviewed | CVE-2020-12855 | published May 24, 2022

Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution...
High | Unreviewed | CVE-2020-5604 | published May 24, 2022

CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.
High | Unreviewed | CVE-2019-13285 | published May 24, 2022

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and...
High | Unreviewed | CVE-2020-11709 | published May 24, 2022

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax...
High | Unreviewed | CVE-2020-11703 | published May 24, 2022

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through...
High | Unreviewed | CVE-2019-4558 | published May 24, 2022

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0,...
High | Unreviewed | CVE-2019-11277 | published May 24, 2022

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core...
High | Unreviewed | CVE-2019-5404 | published May 24, 2022

cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
High | Unreviewed | CVE-2016-10801 | published May 24, 2022

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin ...
High | Unreviewed | CVE-2017-18386 | published May 24, 2022

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style...
High | Unreviewed | CVE-2017-18387 | published May 24, 2022

cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts...
High | Unreviewed | CVE-2016-10847 | published May 24, 2022

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts...
High | Unreviewed | CVE-2016-10845 | published May 24, 2022

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files ...
High | Unreviewed | CVE-2018-20914 | published May 24, 2022

ProTip! Advisories are also available from the GraphQL API