GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
325 advisories
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow...
Moderate · Unreviewed · CVE-2023-4393 was published Oct 30, 2023

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary...
Moderate · Unreviewed · CVE-2023-45540 was published Oct 17, 2023

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote,...
Moderate · Unreviewed · CVE-2022-4145 was published Oct 5, 2023

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user...
Moderate · Unreviewed · CVE-2023-26148 was published Sep 29, 2023

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user...
Moderate · Unreviewed · CVE-2023-26142 was published Sep 19, 2023

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1...
Moderate · Unreviewed · CVE-2023-41834 was published Sep 19, 2023

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field...
Moderate · Unreviewed · CVE-2023-4843 was published Sep 8, 2023

A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats...
Moderate · Unreviewed · CVE-2023-4212 was published Aug 22, 2023

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical....
Moderate · Unreviewed · CVE-2023-4450 was published Aug 21, 2023

A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute...
Moderate · Unreviewed · CVE-2020-24275 was published Jul 20, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15...
Moderate · Unreviewed · CVE-2023-3444 was published Jul 13, 2023

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon,...
Moderate · Unreviewed · CVE-2022-35739 was published Jul 6, 2023

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when...
Moderate · Unreviewed · CVE-2023-26138 was published Jul 6, 2023

A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected...
Moderate · Unreviewed · CVE-2023-3380 was published Jun 23, 2023

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or...
Moderate · Unreviewed · CVE-2023-28016 was published Jun 23, 2023

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private...
Moderate · Unreviewed · CVE-2023-2797 was published Jun 16, 2023

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim...
Moderate · Unreviewed · CVE-2023-28598 was published Jun 13, 2023

Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could...
Moderate · Unreviewed · CVE-2023-28599 was published Jun 13, 2023

An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of...
Moderate · Unreviewed · CVE-2022-47028 was published May 30, 2023

Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows...
Moderate · Unreviewed · CVE-2023-29389 was published Apr 5, 2023

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to...
Moderate · Unreviewed · CVE-2022-36775 was published Feb 17, 2023

A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied...
Moderate · Unreviewed · CVE-2023-0476 was published Jan 26, 2023

CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password...
Moderate · Unreviewed · CVE-2021-37499 was published Jan 20, 2023

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security...
Moderate · Unreviewed · CVE-2023-20057 was published Jan 20, 2023

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability...
Moderate · Unreviewed · CVE-2015-10040 was published Jan 13, 2023