Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,449 advisories

Named path parameters can be overridden in TrieRouter Moderate
CVE-2023-50710 was published for hono (npm) Dec 15, 2023
This vulnerability allows an remote attacker with low privileges to misuse Improper Control of... High Unreviewed
CVE-2023-5500 was published Dec 11, 2023
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to... High Unreviewed
CVE-2023-6288 was published Dec 6, 2023
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present.... Critical Unreviewed
CVE-2023-49070 was published Dec 5, 2023
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution)... High Unreviewed
CVE-2023-5762 was published Dec 5, 2023
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL Critical
CVE-2023-49093 was published for org.htmlunit:htmlunit (Maven) Dec 4, 2023
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request Critical
CVE-2023-48887 was published for org.jupiter-rpc:jupiter-rpc (Maven) Dec 2, 2023
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions... Moderate Unreviewed
CVE-2023-5226 was published Dec 1, 2023
October CMS safe mode bypass using Twig sandbox escape Critical
CVE-2023-44382 was published for october/system (Composer) Nov 29, 2023
whatev3n
October CMS safe mode bypass using Page template injection Moderate
CVE-2023-44381 was published for october/system (Composer) Nov 29, 2023
whatev3n
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is... Critical Unreviewed
CVE-2023-49314 was published Nov 28, 2023
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By... Critical Unreviewed
CVE-2023-49313 was published Nov 28, 2023
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due... Moderate Unreviewed
CVE-2021-22150 was published Nov 22, 2023
Eval Injection in fastbots High
CVE-2023-48699 was published for fastbots (pip) Nov 21, 2023
ubertidavide
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary... High Unreviewed
CVE-2023-48192 was published Nov 21, 2023
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This... Moderate Unreviewed
CVE-2023-6188 was published Nov 17, 2023
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through... Critical Unreviewed
CVE-2023-6016 was published Nov 16, 2023
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having... High Unreviewed
CVE-2023-47444 was published Nov 16, 2023
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2... High Unreviewed
CVE-2023-46845 was published Nov 15, 2023
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. High Unreviewed
CVE-2023-6131 was published Nov 14, 2023
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Moderate Unreviewed
CVE-2023-6126 was published Nov 14, 2023
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Moderate Unreviewed
CVE-2023-6125 was published Nov 14, 2023
Moodle Code Injection vulnerability Moderate
CVE-2023-5550 was published for moodle/moodle (Composer) Nov 9, 2023
ProTip! Advisories are also available from the GraphQL API