GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
209 advisories
Filter by severity
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46300
was published
Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46301
was published
Oct 22, 2023
React Developer Tools extension Improper Authorization vulnerability
Moderate
CVE-2023-5654
was published
for
react-devtools-core
(npm)
Oct 19, 2023
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
High
CVE-2023-43620
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site...
Moderate
Unreviewed
CVE-2023-37875
was published
Sep 14, 2023
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can...
High
Unreviewed
CVE-2023-4571
was published
Aug 30, 2023
Vulnerability of input parameter verification in certain APIs in the window management module....
High
Unreviewed
CVE-2023-39390
was published
Aug 13, 2023
Vulnerability of input parameters being not strictly verified in the PMS module. Successful...
High
Unreviewed
CVE-2023-39386
was published
Aug 13, 2023
Input verification vulnerability in the storage module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39381
was published
Aug 13, 2023
Input verification vulnerability in the audio module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39382
was published
Aug 13, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability...
High
Unreviewed
CVE-2022-36392
was published
Aug 11, 2023
PrestaShop XSS injection through Validate::isCleanHTML method
High
CVE-2023-39527
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability...
High
Unreviewed
CVE-2023-3997
was published
Jul 31, 2023
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was...
High
Unreviewed
CVE-2022-43713
was published
Jul 26, 2023
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.
Moderate
Unreviewed
CVE-2022-31458
was published
Jul 25, 2023
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax
Moderate
CVE-2023-34036
was published
for
org.springframework.hateoas:spring-hateoas
(Maven)
Jul 17, 2023
Froxlor vulnerable to Improper Encoding or Escaping of Output
Critical
CVE-2023-3668
was published
for
froxlor/froxlor
(Composer)
Jul 14, 2023
Controller DoS due to stack overflow when decoding a message from the server
High
Unreviewed
CVE-2023-24480
was published
Jul 13, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15...
Moderate
Unreviewed
CVE-2023-2200
was published
Jul 13, 2023
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10,...
Moderate
Unreviewed
CVE-2023-36919
was published
Jul 11, 2023
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with...
High
Unreviewed
CVE-2023-36921
was published
Jul 11, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output
High
CVE-2023-3552
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
Teampass Cross-site Scripting vulnerability
Moderate
CVE-2023-3190
was published
for
nilsteampassnet/teampass
(Composer)
Jun 10, 2023
ProTip!
Advisories are also available from the
GraphQL API