Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,097 advisories

Loading
Kiali content spoofing vulnerability Moderate
CVE-2022-3962 was published for github.com/kiali/kiali (Go) Sep 23, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed
CVE-2023-26142 was published Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed
CVE-2023-41834 was published Sep 19, 2023
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to... High Unreviewed
CVE-2023-36250 was published Sep 14, 2023
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field... Moderate Unreviewed
CVE-2023-4843 was published Sep 8, 2023
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows... High Unreviewed
CVE-2023-39424 was published Sep 7, 2023
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the... Critical Unreviewed
CVE-2023-1523 was published Sep 1, 2023
Sandbox escape via various forms of "format". High
CVE-2023-41039 was published for RestrictedPython (pip) Aug 30, 2023
ankush abhishekg999
d-maurer icemac Quasar0147
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can... High Unreviewed
CVE-2023-4571 was published Aug 30, 2023
Mattermost fails to restrict which parameters' values it takes from the request during signup... High Unreviewed
CVE-2023-4478 was published Aug 25, 2023
?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats... Moderate Unreviewed
CVE-2023-4212 was published Aug 22, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical.... Moderate Unreviewed
CVE-2023-4450 was published Aug 21, 2023
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via... Critical Unreviewed
CVE-2022-24989 was published Aug 20, 2023
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-39659 was published for langchain (pip) Aug 15, 2023
eyurtsev
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-38896 was published for langchain (pip) Aug 15, 2023
llama-index vulnerable to arbitrary code execution Critical
CVE-2023-39662 was published for llama-index (pip) Aug 15, 2023
KaliforniaShell
PandasAI vulnerable to arbitrary code execution Critical
CVE-2023-39661 was published for pandasai (pip) Aug 15, 2023
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute... High Unreviewed
CVE-2020-28848 was published Aug 11, 2023
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2... High Unreviewed
CVE-2023-31209 was published Aug 10, 2023
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the... High Unreviewed
CVE-2023-33242 was published Aug 10, 2023
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a... Critical Unreviewed
CVE-2023-33241 was published Aug 10, 2023
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI... Critical Unreviewed
CVE-2023-39213 was published Aug 9, 2023
omeka/omeka-s Improper Input Validation vulnerability Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) Aug 4, 2023
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template... Critical Unreviewed
CVE-2023-36210 was published Aug 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database