GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,449 advisories
Named path parameters can be overridden in TrieRouter
Moderate | CVE-2023-50710 was published for hono (npm) | Dec 15, 2023

This vulnerability allows a remote attacker with low privileges to misuse Improper Control of...
High | Unreviewed | CVE-2023-5500 was published | Dec 11, 2023

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to...
High | Unreviewed | CVE-2023-6288 was published | Dec 6, 2023

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present....
Critical | Unreviewed | CVE-2023-49070 was published | Dec 5, 2023

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution)...
High | Unreviewed | CVE-2023-5762 was published | Dec 5, 2023

HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Critical | CVE-2023-49093 was published for org.htmlunit:htmlunit (Maven) | Dec 4, 2023

Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Critical | CVE-2023-48887 was published for org.jupiter-rpc:jupiter-rpc (Maven) | Dec 2, 2023

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions...
Moderate | Unreviewed | CVE-2023-5226 was published | Dec 1, 2023

October CMS safe mode bypass using Twig sandbox escape
Critical | CVE-2023-44382 was published for october/system (Composer) | Nov 29, 2023

October CMS safe mode bypass using Page template injection
Moderate | CVE-2023-44381 was published for october/system (Composer) | Nov 29, 2023

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is...
Critical | Unreviewed | CVE-2023-49314 was published | Nov 28, 2023

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By...
Critical | Unreviewed | CVE-2023-49313 was published | Nov 28, 2023

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due...
Moderate | Unreviewed | CVE-2021-22150 was published | Nov 22, 2023

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary...
High | Unreviewed | CVE-2023-48192 was published | Nov 21, 2023

Apache Derby: LDAP injection vulnerability in authenticator
Critical | CVE-2022-46337 was published for org.apache.derby:derby (Maven) | Nov 20, 2023

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This...
Moderate | Unreviewed | CVE-2023-6188 was published | Nov 17, 2023

An attacker is able to gain remote code execution on a server hosting the H2O dashboard through...
Critical | Unreviewed | CVE-2023-6016 was published | Nov 16, 2023

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having...
High | Unreviewed | CVE-2023-47444 was published | Nov 16, 2023

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2...
High | Unreviewed | CVE-2023-46845 was published | Nov 15, 2023

Statamic CMS vulnerable to remote code execution via form uploads
High | CVE-2023-48217 was published for statamic/cms (Composer) | Nov 14, 2023

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
High | Unreviewed | CVE-2023-6131 was published | Nov 14, 2023

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Moderate | Unreviewed | CVE-2023-6126 was published | Nov 14, 2023

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Moderate | Unreviewed | CVE-2023-6125 was published | Nov 14, 2023

Moodle Code Injection vulnerability
Moderate | CVE-2023-5550 was published for moodle/moodle (Composer) | Nov 9, 2023
ProTip! Advisories are also available from the GraphQL API.