GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8 advisories
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
High
CVE-2024-22198
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
High
CVE-2024-22197
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
High
CVE-2024-22196
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Potential Actions command injection in output filenames (GHSL-2023-275)
High
CVE-2023-52137
was published
for
tj-actions/verify-changed-files
(GitHub Actions)
Jan 2, 2024
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
High
CVE-2023-51664
was published
for
tj-actions/changed-files
(GitHub Actions)
Jan 2, 2024
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
Moderate
GHSA-hw6r-g8gj-2987
was published
for
https://github.com/pytorch/pytorch/.github/actions/filter-test-configs
(GitHub Actions)
Aug 30, 2023
OWSLib vulnerable to XML External Entity (XXE) Injection
High
CVE-2023-27476
was published
for
OWSLib
(pip)
Mar 7, 2023
acryl-datahub missing JWT signature check
Critical
CVE-2022-39366
was published
for
acryl-datahub
(pip)
Oct 31, 2022
ProTip!
Advisories are also available from the
GraphQL API