GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,097 advisories
Kiali content spoofing vulnerability
Moderate
CVE-2022-3962 was published for github.com/kiali/kiali (Go) on Sep 23, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user...
Moderate
Unreviewed
CVE-2023-26142 was published on Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1...
Moderate
Unreviewed
CVE-2023-41834 was published on Sep 19, 2023
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to...
High
Unreviewed
CVE-2023-36250 was published on Sep 14, 2023
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field...
Moderate
Unreviewed
CVE-2023-4843 was published on Sep 8, 2023
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows...
High
Unreviewed
CVE-2023-39424 was published on Sep 7, 2023
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the...
Critical
Unreviewed
CVE-2023-1523 was published on Sep 1, 2023
Sandbox escape via various forms of "format".
High
CVE-2023-41039 was published for RestrictedPython (pip) on Aug 30, 2023
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can...
High
Unreviewed
CVE-2023-4571 was published on Aug 30, 2023
Mattermost fails to restrict which parameters' values it takes from the request during signup...
High
Unreviewed
CVE-2023-4478 was published on Aug 25, 2023
A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats...
Moderate
Unreviewed
CVE-2023-4212 was published on Aug 22, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
High
CVE-2023-40035 was published for craftcms/cms (Composer) on Aug 21, 2023
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical....
Moderate
Unreviewed
CVE-2023-4450 was published on Aug 21, 2023
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via...
Critical
Unreviewed
CVE-2022-24989 was published on Aug 20, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-39659 was published for langchain (pip) on Aug 15, 2023
LangChain vulnerable to arbitrary code execution
Critical
CVE-2023-38896 was published for langchain (pip) on Aug 15, 2023
llama-index vulnerable to arbitrary code execution
Critical
CVE-2023-39662 was published for llama-index (pip) on Aug 15, 2023
PandasAI vulnerable to arbitrary code execution
Critical
CVE-2023-39661 was published for pandasai (pip) on Aug 15, 2023
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute...
High
Unreviewed
CVE-2020-28848 was published on Aug 11, 2023
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2...
High
Unreviewed
CVE-2023-31209 was published on Aug 10, 2023
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the...
High
Unreviewed
CVE-2023-33242 was published on Aug 10, 2023
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a...
Critical
Unreviewed
CVE-2023-33241 was published on Aug 10, 2023
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI...
Critical
Unreviewed
CVE-2023-39213 was published on Aug 9, 2023
omeka/omeka-s Improper Input Validation vulnerability
Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) on Aug 4, 2023
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template...
Critical
Unreviewed
CVE-2023-36210 was published on Aug 1, 2023
ProTip! Advisories are also available from the GraphQL API.