Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification... Moderate Unreviewed
CVE-2024-7472 was published Oct 29, 2024
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions... Moderate Unreviewed
CVE-2024-9940 was published Oct 17, 2024
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution ... Moderate Unreviewed
CVE-2024-37779 was published Sep 23, 2024
Untrusted Query Object Evaluation in RPC API High
GHSA-64f8-pjgr-9wmr was published for surrealdb (Rust) Sep 11, 2024
RaphaelDarley
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39227 was published Aug 6, 2024
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an... High Unreviewed
CVE-2024-24257 was published Jul 26, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions... High Unreviewed
CVE-2024-36997 was published Jul 1, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions... High Unreviewed
CVE-2024-36983 was published Jul 1, 2024
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST... Critical Unreviewed
CVE-2024-39243 was published Jun 26, 2024
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform... High Unreviewed
CVE-2024-37570 was published Jun 9, 2024
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without... Moderate Unreviewed
CVE-2024-31812 was published Apr 8, 2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2024-31809 was published Apr 8, 2024
Winter CMS Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-29686 was published for wintercms/winter (Composer) Mar 29, 2024
Black vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2024-21503 was published for black (pip) Mar 19, 2024
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in... High Unreviewed
CVE-2024-0801 was published Mar 13, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS... High Unreviewed
CVE-2024-23268 was published Mar 8, 2024
An injection issue was addressed with improved input validation. This issue is fixed in macOS... High Unreviewed
CVE-2024-23274 was published Mar 8, 2024
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS... High Unreviewed
CVE-2024-27622 was published Mar 5, 2024
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
CVE-2023-6134 was published for org.keycloak:keycloak-services (Maven) Dec 18, 2023
lauritzh
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
GHSA-5968-qw33-h47j was published for org.keycloak:keycloak-services (Maven) Dec 15, 2023 withdrawn
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter High
CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET... High Unreviewed
CVE-2023-27533 was published Mar 30, 2023
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub... High Unreviewed
CVE-2023-0302 was published Jan 15, 2023
** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows... High Unreviewed
CVE-2022-48217 was published Jan 4, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database