GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
24,551 advisories
PHAR deserialization allowing remote code execution
Critical: CVE-2023-28115 was published for knplabs/knp-snappy (Composer), Mar 17, 2023

Use of hard-coded, security-relevant constants in deepset-ai/haystack
Critical: CVE-2023-1712 was published for farm-haystack (pip), Mar 30, 2023

Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Critical: CVE-2022-36663 was published for org.gluu:oxauth-common (Maven), Sep 7, 2022

SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username'...
Critical, Unreviewed: CVE-2022-40032 was published Feb 17, 2023

SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in ...
Critical, Unreviewed: CVE-2022-40347 was published Feb 17, 2023

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This...
Critical, Unreviewed: CVE-2023-1699 was published Mar 30, 2023

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5...
Critical, Unreviewed: CVE-2023-28507 was published Mar 29, 2023

This vulnerability allows remote attackers to delete arbitrary files on affected installations of...
Critical, Unreviewed: CVE-2022-2560 was published Mar 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical, Unreviewed: CVE-2022-36978 was published Mar 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical, Unreviewed: CVE-2022-36981 was published Mar 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical, Unreviewed: CVE-2022-36977 was published Mar 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical, Unreviewed: CVE-2022-36979 was published Mar 29, 2023

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3....
Critical, Unreviewed: CVE-2023-1610 was published Mar 23, 2023

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external...
Critical, Unreviewed: CVE-2023-28152 was published Mar 24, 2023

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Critical, Unreviewed: CVE-2019-5481 was published May 24, 2022

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection...
Critical, Unreviewed: CVE-2022-28496 was published Mar 23, 2023

In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a...
Critical, Unreviewed: CVE-2023-21058 was published Mar 24, 2023

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect...
Critical, Unreviewed: CVE-2023-20954 was published Mar 24, 2023

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a...
Critical, Unreviewed: CVE-2023-20951 was published Mar 24, 2023

Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Critical: CVE-2018-18389 was published for org.neo4j:neo4j-enterprise (Maven), Oct 17, 2018

Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Critical: CVE-2018-12542 was published for io.vertx:vertx-web (Maven), Oct 17, 2018

A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E...
Critical, Unreviewed: CVE-2023-1734 was published Mar 30, 2023

The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an...
Critical, Unreviewed: CVE-2023-28662 was published Mar 22, 2023

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection...
Critical, Unreviewed: CVE-2023-24655 was published Mar 23, 2023

ProTip! Advisories are also available from the GraphQL API.