GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
472 advisories
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430,...
High • Unreviewed • CVE-2023-25616 was published Mar 14, 2023
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of...
High • Unreviewed • CVE-2023-27635 was published Mar 6, 2023
An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14...
High • Unreviewed • CVE-2022-42797 was published Feb 27, 2023
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8...
High • Unreviewed • CVE-2023-20858 was published Feb 22, 2023
Command injection in Apache Sling
High • CVE-2023-25141 was published for org.apache.sling:org.apache.sling.jcr.base (Maven) Feb 14, 2023
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user...
High • Unreviewed • CVE-2023-25719 was published Feb 13, 2023
Withdrawn Advisory: HTML injections in BTCPayServer
High • CVE-2023-0493 was published for BTCPayServer.Client (NuGet) Jan 27, 2023 • withdrawn
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1...
High • Unreviewed • CVE-2022-4092 was published Jan 26, 2023
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the...
High • Unreviewed • CVE-2023-24040 was published Jan 21, 2023
ExifTool vulnerable to arbitrary code execution
High • GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is...
High • Unreviewed • CVE-2023-23749 was published Jan 17, 2023
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub...
High • Unreviewed • CVE-2023-0302 was published Jan 15, 2023
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.
High • Unreviewed • CVE-2022-47083 was published Jan 10, 2023
Improper neutralization of special elements in output used by a downstream component ('Injection'...
High • Unreviewed • CVE-2022-43932 was published Jan 5, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High • CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the...
High • Unreviewed • CVE-2017-20161 was published Jan 2, 2023
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who...
High • Unreviewed • CVE-2022-46873 was published Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High • CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by...
High • Unreviewed • CVE-2022-43883 was published Dec 19, 2022
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via...
High • Unreviewed • CVE-2022-3724 was published Dec 9, 2022
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This...
High • Unreviewed • CVE-2022-4322 was published Dec 7, 2022
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some...
High • Unreviewed • CVE-2022-4300 was published Dec 6, 2022
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is...
High • Unreviewed • CVE-2022-4282 was published Dec 5, 2022
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and...
High • Unreviewed • CVE-2022-35507 was published Dec 4, 2022
Account Takeover Through Password Reset Poisoning
High • CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022