GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
124 advisories
Filter by severity
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI...
Critical
Unreviewed
CVE-2023-39213
was published
Aug 9, 2023
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Critical
Unreviewed
CVE-2023-44373
was published
Nov 14, 2023
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS...
Critical
Unreviewed
CVE-2024-42914
was published
Aug 23, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)...
Critical
Unreviewed
CVE-2024-40324
was published
Jul 25, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39227
was published
Aug 6, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)...
Critical
Unreviewed
CVE-2024-37759
was published
Jun 24, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows...
Critical
Unreviewed
CVE-2024-39704
was published
Jul 3, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay...
Critical
Unreviewed
CVE-2024-34919
was published
May 17, 2024
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions...
Critical
Unreviewed
CVE-2023-33566
was published
Jun 27, 2023
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to...
Critical
Unreviewed
CVE-2022-47583
was published
Oct 19, 2023
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the...
Critical
Unreviewed
CVE-2023-1523
was published
Sep 1, 2023
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via...
Critical
Unreviewed
CVE-2022-24989
was published
Aug 20, 2023
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a...
Critical
Unreviewed
CVE-2023-33241
was published
Aug 10, 2023
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template...
Critical
Unreviewed
CVE-2023-36210
was published
Aug 1, 2023
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates...
Critical
Unreviewed
CVE-2023-24540
was published
May 11, 2023
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager...
Critical
Unreviewed
CVE-2020-15348
was published
May 24, 2022
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64...
Critical
Unreviewed
CVE-2020-5505
was published
May 24, 2022
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by...
Critical
Unreviewed
CVE-2019-19330
was published
May 24, 2022
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may...
Critical
Unreviewed
CVE-2019-9535
was published
May 24, 2022
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
Critical
Unreviewed
CVE-2017-18583
was published
May 24, 2022
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as...
Critical
Unreviewed
CVE-2019-12966
was published
May 24, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules...
Critical
Unreviewed
CVE-2016-8900
was published
May 24, 2022
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.
Critical
Unreviewed
CVE-2016-8901
was published
May 24, 2022
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules...
Critical
Unreviewed
CVE-2016-8899
was published
May 24, 2022
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
Critical
Unreviewed
CVE-2014-3700
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API