Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

211 advisories

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated... Moderate Unreviewed
CVE-2023-49587 was published Dec 12, 2023
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary... Moderate Unreviewed
CVE-2023-24046 was published Dec 5, 2023
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2023-20170 was published Nov 1, 2023
Command Injection in pip when used with Mercurial Moderate
CVE-2023-5752 was published for pip (pip) Oct 25, 2023
mwpeterson
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote... Moderate Unreviewed
CVE-2023-43510 was published Oct 25, 2023
?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats... Moderate Unreviewed
CVE-2023-4212 was published Aug 22, 2023
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230807. It... Moderate Unreviewed
CVE-2023-4414 was published Aug 18, 2023
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent... Moderate Unreviewed
CVE-2023-20237 was published Aug 17, 2023
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC... Moderate Unreviewed
CVE-2023-40293 was published Aug 14, 2023
ScanCode.io command injection in docker image fetch process Moderate
CVE-2023-39523 was published for scancodeio (pip) Aug 9, 2023
0xmpij
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and... Moderate Unreviewed
CVE-2023-4120 was published Aug 3, 2023
Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail... Moderate Unreviewed
CVE-2023-26430 was published Aug 2, 2023
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0... Moderate Unreviewed
CVE-2023-3739 was published Aug 2, 2023
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using... Moderate Unreviewed
CVE-2023-31429 was published Aug 1, 2023
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted... Moderate Unreviewed
CVE-2022-46361 was published Jul 6, 2023
Concrete CMS Cross-site Scripting vulnerability Moderate
CVE-2022-43695 was published for concrete5/concrete5 (Composer) Jul 6, 2023
1Panel vulnerable to command injection when entering the container terminal Moderate
CVE-2023-36458 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
Malayke
1Panel vulnerable to command injection when adding container repositories Moderate
CVE-2023-36457 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5... Moderate Unreviewed
CVE-2023-22815 was published Jul 1, 2023
Control characters were not removed when exporting user feedback content. This allowed attackers... Moderate Unreviewed
CVE-2023-26429 was published Jun 20, 2023
A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this... Moderate Unreviewed
CVE-2023-3206 was published Jun 12, 2023
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can... Moderate Unreviewed
CVE-2020-29547 was published May 29, 2023
A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue... Moderate Unreviewed
CVE-2023-2682 was published May 12, 2023
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in... Moderate Unreviewed
CVE-2023-31473 was published May 11, 2023
A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2023-2647 was published May 11, 2023
ProTip! Advisories are also available from the GraphQL API