GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
467 advisories
Filter by severity
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user...
High
Unreviewed
CVE-2023-25719
was published
Feb 13, 2023
Withdrawn Advisory: HTML injections in BTCPayServer
High
CVE-2023-0493
was published
for
BTCPayServer.Client
(NuGet)
Jan 27, 2023
•
withdrawn
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1...
High
Unreviewed
CVE-2022-4092
was published
Jan 26, 2023
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the...
High
Unreviewed
CVE-2023-24040
was published
Jan 21, 2023
ExifTool vulnerable to arbitrary code execution
High
GHSA-q95h-cqrv-8jv5
was published
for
exiftool_vendored
(RubyGems)
Jan 20, 2023
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is...
High
Unreviewed
CVE-2023-23749
was published
Jan 17, 2023
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub...
High
Unreviewed
CVE-2023-0302
was published
Jan 15, 2023
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.
High
Unreviewed
CVE-2022-47083
was published
Jan 10, 2023
Improper neutralization of special elements in output used by a downstream component ('Injection'...
High
Unreviewed
CVE-2022-43932
was published
Jan 5, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the...
High
Unreviewed
CVE-2017-20161
was published
Jan 2, 2023
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who...
High
Unreviewed
CVE-2022-46873
was published
Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by...
High
Unreviewed
CVE-2022-43883
was published
Dec 19, 2022
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via...
High
Unreviewed
CVE-2022-3724
was published
Dec 9, 2022
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This...
High
Unreviewed
CVE-2022-4322
was published
Dec 7, 2022
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some...
High
Unreviewed
CVE-2022-4300
was published
Dec 6, 2022
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is...
High
Unreviewed
CVE-2022-4282
was published
Dec 5, 2022
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and...
High
Unreviewed
CVE-2022-35507
was published
Dec 4, 2022
Account Takeover Through Password Reset Poisoning
High
CVE-2022-33012
was published
for
microweber/microweber
(Composer)
Nov 22, 2022
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is...
High
Unreviewed
CVE-2022-3967
was published
Nov 13, 2022
Withdrawn: Octocat.js vulnerable to code injection
High
CVE-2022-39390
was published
for
octocat.js
(npm)
Nov 8, 2022
•
withdrawn
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
High
Unreviewed
CVE-2022-41716
was published
Nov 2, 2022
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated...
High
Unreviewed
CVE-2022-39016
was published
Nov 1, 2022
ProTip!
Advisories are also available from the
GraphQL API