GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
170 advisories
Filter by severity
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. * An...
Unknown
Unreviewed
CVE-2024-4420
was published
May 21, 2024
TYPO3 vulnerable to an HTML Injection in the History Module
Low
CVE-2024-34355
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Improper escaping in Apache Zeppelin
Moderate
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
Ansible-core information disclosure flaw
Moderate
CVE-2024-0690
was published
for
ansible-core
(pip)
Feb 6, 2024
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a...
High
Unreviewed
CVE-2024-1064
was published
Feb 3, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to...
Critical
Unreviewed
CVE-2023-47143
was published
Feb 2, 2024
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1...
Moderate
Unreviewed
CVE-2024-0987
was published
Jan 29, 2024
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed...
Low
Unreviewed
CVE-2024-22229
was published
Jan 24, 2024
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected...
Moderate
Unreviewed
CVE-2023-7234
was published
Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly...
Moderate
Unreviewed
CVE-2024-0233
was published
Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not...
Moderate
Unreviewed
CVE-2023-6005
was published
Jan 16, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization,...
Moderate
Unreviewed
CVE-2023-42183
was published
Dec 15, 2023
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized...
Low
Unreviewed
CVE-2023-26279
was published
Nov 24, 2023
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape...
Critical
Unreviewed
CVE-2023-38316
was published
Nov 17, 2023
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Critical
CVE-2023-45135
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46300
was published
Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46301
was published
Oct 22, 2023
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
High
CVE-2023-43620
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site...
Moderate
Unreviewed
CVE-2023-37875
was published
Sep 14, 2023
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can...
High
Unreviewed
CVE-2023-4571
was published
Aug 30, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
ProTip!
Advisories are also available from the
GraphQL API