GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
797 advisories
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) on May 3, 2024
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug...
Moderate
Unreviewed
CVE-2024-20359 was published on Apr 24, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2024-29991 was published on Apr 19, 2024
There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote...
Moderate
Unreviewed
CVE-2024-25706 was published on Apr 4, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) on Apr 3, 2024
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the...
Moderate
Unreviewed
CVE-2024-2016 was published on Mar 21, 2024
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2024-2497 was published on Mar 15, 2024
Nteract Remote Code Execution vulnerability
Moderate
CVE-2024-22891 was published for nteract (npm) on Mar 1, 2024
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG...
Moderate
Unreviewed
CVE-2024-1885 was published on Feb 26, 2024
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue...
Moderate
Unreviewed
CVE-2024-1705 was published on Feb 21, 2024
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay...
Moderate
Unreviewed
CVE-2023-5800 was published on Feb 5, 2024
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a...
Moderate
Unreviewed
CVE-2023-5677 was published on Feb 5, 2024
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate...
Moderate
Unreviewed
CVE-2023-51820 was published on Feb 2, 2024
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker...
Moderate
Unreviewed
CVE-2023-37518 was published on Jan 30, 2024
A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue...
Moderate
Unreviewed
CVE-2024-0738 was published on Jan 20, 2024
[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to ...
Moderate
Unreviewed
CVE-2023-6548 was published on Jan 17, 2024
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android...
Moderate
Unreviewed
CVE-2023-6540 was published on Jan 3, 2024
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to...
Moderate
Unreviewed
CVE-2023-41783 was published on Jan 3, 2024
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by...
Moderate
Unreviewed
CVE-2024-0196 was published on Jan 3, 2024
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is...
Moderate
Unreviewed
CVE-2024-0195 was published on Jan 2, 2024
ShifuML shifu code injection vulnerability
Moderate
CVE-2023-7148 was published for ml.shifu:shifu (Maven) on Dec 29, 2023
A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by...
Moderate
Unreviewed
CVE-2023-6899 was published on Dec 17, 2023
A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical....
Moderate
Unreviewed
CVE-2023-6851 was published on Dec 16, 2023