GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,040
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33...
Moderate
Unreviewed
CVE-2024-40088
was published
Oct 21, 2024
A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab...
Moderate
Unreviewed
CVE-2024-47224
was published
Oct 21, 2024
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x...
Moderate
Unreviewed
CVE-2023-45359
was published
Oct 9, 2024
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS...
Moderate
Unreviewed
CVE-2024-47845
was published
Oct 5, 2024
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-8297
was published
Aug 29, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6...
Moderate
Unreviewed
CVE-2024-6329
was published
Aug 8, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper...
Moderate
Unreviewed
CVE-2023-26289
was published
Jul 30, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header...
Moderate
Unreviewed
CVE-2024-39736
was published
Jul 15, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
Ansible-core information disclosure flaw
Moderate
CVE-2024-0690
was published
for
ansible-core
(pip)
Feb 6, 2024
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1...
Moderate
Unreviewed
CVE-2024-0987
was published
Jan 29, 2024
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected...
Moderate
Unreviewed
CVE-2023-7234
was published
Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not...
Moderate
Unreviewed
CVE-2023-6005
was published
Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly...
Moderate
Unreviewed
CVE-2024-0233
was published
Jan 16, 2024
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization,...
Moderate
Unreviewed
CVE-2023-42183
was published
Dec 15, 2023
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide...
Moderate
Unreviewed
CVE-2023-40453
was published
Nov 14, 2023
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow...
Moderate
Unreviewed
CVE-2023-4393
was published
Oct 30, 2023
React Developer Tools extension Improper Authorization vulnerability
Moderate
CVE-2023-5654
was published
for
react-devtools-core
(npm)
Oct 19, 2023
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site...
Moderate
Unreviewed
CVE-2023-37875
was published
Sep 14, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.
Moderate
Unreviewed
CVE-2022-31458
was published
Jul 25, 2023
ProTip!
Advisories are also available from the
GraphQL API