Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
Pimcore Host Header Injection in user invitation link High
CVE-2024-25625 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 20, 2024
v0lck3r
Query Binding Exploitation High
CVE-2021-21263 was published for illuminate/database (Composer) Jan 19, 2021
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An... High Unreviewed
CVE-2022-1509 was published Apr 29, 2022
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may... High Unreviewed
CVE-2023-44109 was published Oct 11, 2023
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0... High Unreviewed
CVE-2023-51939 was published Feb 1, 2024
Sandbox Escape by math function in smarty High
CVE-2021-29454 was published for smarty/smarty (Composer) Jan 12, 2022
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could... High Unreviewed
CVE-2024-22319 was published Feb 2, 2024
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Craft CMS Feed-Me High
CVE-2023-36260 was published for craftcms/cms (Composer) Jan 30, 2024
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
Host header injection in the password reset High
CVE-2024-23648 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024
Mathisca
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability... High Unreviewed
CVE-2023-3997 was published Jul 31, 2023
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker... High Unreviewed
CVE-2023-7114 was published Dec 29, 2023
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter... High Unreviewed
CVE-2023-29050 was published Jan 8, 2024
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication... High Unreviewed
CVE-2023-49328 was published Dec 25, 2023
CouchAuth host header injection vulnerability leaks the password reset token High
CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
juzawebCMS Injection vulnerability High
CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271) High
CVE-2023-51664 was published for tj-actions/changed-files (GitHub Actions) Jan 2, 2024
jorgectf jsoref
A remote code execution vulnerability exists in Microsoft Exchange server due to improper... High Unreviewed
CVE-2020-16875 was published May 24, 2022
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting... High Unreviewed
CVE-2023-49964 was published Dec 11, 2023
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. High Unreviewed
CVE-2023-48830 was published Dec 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database