GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,275
Composer 4,356
Erlang 31
GitHub Actions 22
Go 2,120
Maven 5,297
npm 3,782
NuGet 683
pip 3,460
Pub 12
RubyGems 893
Rust 892
Swift 38

Unreviewed advisories

All unreviewed 244,070

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

131 advisories

Filter by severity

Sort by

Least recently updated

Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed

CVE-2023-22527 was published Jan 16, 2024

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed

CVE-2019-2725 was published May 24, 2022

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed

CVE-2022-26134 was published Jun 4, 2022

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed

CVE-2021-26084 was published May 24, 2022

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to... Critical Unreviewed

CVE-2022-3236 was published Sep 25, 2022

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed

CVE-2023-24540 was published May 11, 2023

A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000... Critical Unreviewed

CVE-2024-36295 was published Jan 14, 2025

A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink... Critical Unreviewed

CVE-2024-21797 was published Jan 14, 2025

A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink... Critical Unreviewed

CVE-2024-34544 was published Jan 14, 2025

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink... Critical Unreviewed

CVE-2024-39604 was published Jan 14, 2025

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed

CVE-2024-39784 was published Jan 14, 2025

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed

CVE-2024-39785 was published Jan 14, 2025

The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed

CVE-2023-29405 was published Jun 8, 2023

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It... Critical Unreviewed

CVE-2024-10914 was published Nov 6, 2024

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI... Critical Unreviewed

CVE-2023-39213 was published Aug 9, 2023

A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Critical Unreviewed

CVE-2023-44373 was published Nov 14, 2023

A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed

CVE-2024-42914 was published Aug 23, 2024

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed

CVE-2024-40324 was published Jul 25, 2024

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed

CVE-2024-39227 was published Aug 6, 2024

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed

CVE-2024-37759 was published Jun 24, 2024

Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed

CVE-2024-39704 was published Jul 3, 2024

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed

CVE-2024-34919 was published May 17, 2024

An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions... Critical Unreviewed

CVE-2023-33566 was published Jun 27, 2023

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to... Critical Unreviewed

CVE-2022-47583 was published Oct 19, 2023

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the... Critical Unreviewed

CVE-2023-1523 was published Sep 1, 2023

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

131 advisories