GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,154 advisories
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
  High | Unreviewed | CVE-2023-42136 was published Jan 15, 2024
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
  High | Unreviewed | CVE-2023-4818 was published Jan 15, 2024
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow...
  Moderate | Unreviewed | CVE-2023-42135 was published Jan 15, 2024
Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized...
  Critical | Unreviewed | CVE-2024-0552 was published Jan 15, 2024
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection....
  Moderate | Unreviewed | CVE-2023-31025 was published Jan 12, 2024
pyload Log Injection vulnerability
  Moderate | CVE-2024-21645 was published for pyload-ng (pip) Jan 8, 2024
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter...
  High | Unreviewed | CVE-2023-29050 was published Jan 8, 2024
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit...
  Low | Unreviewed | CVE-2023-6004 was published Jan 3, 2024
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
  Moderate | Unreviewed | CVE-2023-50093 was published Jan 3, 2024
CouchAuth host header injection vulnerability leaks the password reset token
  High | CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
  High | CVE-2023-51664 was published for tj-actions/changed-files (GitHub Actions) Jan 2, 2024
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker...
  High | Unreviewed | CVE-2023-7114 was published Dec 29, 2023
ewen-lbh/ffcss Late-Unicode normalization vulnerability
  Moderate | CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication...
  High | Unreviewed | CVE-2023-49328 was published Dec 25, 2023
A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210....
  Moderate | Unreviewed | CVE-2023-7039 was published Dec 21, 2023
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI...
  Moderate | Unreviewed | CVE-2023-35895 was published Dec 20, 2023
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell...
  Critical | Unreviewed | CVE-2023-46456 was published Dec 12, 2023
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting...
  High | Unreviewed | CVE-2023-49964 was published Dec 11, 2023
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
  High | Unreviewed | CVE-2023-48841 was published Dec 7, 2023
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the...
  High | Unreviewed | CVE-2023-48826 was published Dec 7, 2023
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
  High | Unreviewed | CVE-2023-48835 was published Dec 7, 2023
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
  High | Unreviewed | CVE-2023-48830 was published Dec 7, 2023
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated...
  Moderate | Unreviewed | CVE-2023-48205 was published Dec 7, 2023
Mattermost Injection vulnerability
  High | CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
This Template Injection vulnerability allows an authenticated attacker, including one with...
  Critical | Unreviewed | CVE-2023-22522 was published Dec 6, 2023
ProTip! Advisories are also available from the GraphQL API.