GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
131 advisories
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template...
Critical
Unreviewed
CVE-2023-36210 was published Aug 1, 2023
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions...
Critical
Unreviewed
CVE-2023-33566 was published Jun 27, 2023
The go command may execute arbitrary code at build time when using cgo. This may occur when...
Critical
Unreviewed
CVE-2023-29405 was published Jun 8, 2023
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates...
Critical
Unreviewed
CVE-2023-24540 was published May 11, 2023
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable,...
Critical
Unreviewed
CVE-2023-29827 was published May 4, 2023
Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability...
Critical
Unreviewed
CVE-2023-27040 was published Mar 16, 2023
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication...
Critical
Unreviewed
CVE-2023-26261 was published Mar 8, 2023
A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as...
Critical
Unreviewed
CVE-2017-20174 was published Jan 19, 2023
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14...
Critical
Unreviewed
CVE-2015-10062 was published Jan 17, 2023
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP....
Critical
Unreviewed
CVE-2015-10027 was published Jan 7, 2023
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as...
Critical
Unreviewed
CVE-2016-15007 was published Jan 2, 2023
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the...
Critical
Unreviewed
CVE-2022-4768 was published Dec 28, 2022
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.
Critical
Unreviewed
CVE-2022-40434 was published Dec 20, 2022
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background...
Critical
Unreviewed
CVE-2022-4170 was published Dec 9, 2022
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
Critical
Unreviewed
CVE-2022-45550 was published Dec 7, 2022
Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to...
Critical
Unreviewed
CVE-2022-3643 was published Dec 7, 2022
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This...
Critical
Unreviewed
CVE-2022-4257 was published Dec 1, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue...
Critical
Unreviewed
CVE-2022-4011 was published Nov 16, 2022
A vulnerability has been found in Activity Log Plugin and classified as critical. This...
Critical
Unreviewed
CVE-2022-3941 was published Nov 11, 2022
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Critical
Unreviewed
CVE-2022-27858 was published Nov 9, 2022
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper...
Critical
Unreviewed
CVE-2021-38395 was published Oct 28, 2022
BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in...
Critical
Unreviewed
CVE-2020-27602 was published Sep 30, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to...
Critical
Unreviewed
CVE-2022-3236 was published Sep 25, 2022
Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can...
Critical
Unreviewed
CVE-2022-34773 was published Aug 23, 2022
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows...
Critical
Unreviewed
CVE-2022-34294 was published Aug 16, 2022
ProTip! Advisories are also available from the GraphQL API