GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized...
Low
Unreviewed
CVE-2023-26279
was published
Nov 24, 2023
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php...
Critical
Unreviewed
CVE-2023-48655
was published
Nov 17, 2023
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape...
Critical
Unreviewed
CVE-2023-38316
was published
Nov 17, 2023
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide...
Moderate
Unreviewed
CVE-2023-40453
was published
Nov 14, 2023
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow...
Moderate
Unreviewed
CVE-2023-4393
was published
Oct 30, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Critical
CVE-2023-45135
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46301
was published
Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46300
was published
Oct 22, 2023
React Developer Tools extension Improper Authorization vulnerability
Moderate
CVE-2023-5654
was published
for
react-devtools-core
(npm)
Oct 19, 2023
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
High
CVE-2023-43620
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site...
Moderate
Unreviewed
CVE-2023-37875
was published
Sep 14, 2023
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can...
High
Unreviewed
CVE-2023-4571
was published
Aug 30, 2023
Vulnerability of input parameter verification in certain APIs in the window management module....
High
Unreviewed
CVE-2023-39390
was published
Aug 13, 2023
Vulnerability of input parameters being not strictly verified in the PMS module. Successful...
High
Unreviewed
CVE-2023-39386
was published
Aug 13, 2023
Input verification vulnerability in the storage module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39381
was published
Aug 13, 2023
Input verification vulnerability in the audio module. Successful exploitation of this...
High
Unreviewed
CVE-2023-39382
was published
Aug 13, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability...
High
Unreviewed
CVE-2022-36392
was published
Aug 11, 2023
PrestaShop XSS injection through Validate::isCleanHTML method
High
CVE-2023-39527
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability...
High
Unreviewed
CVE-2023-3997
was published
Jul 31, 2023
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was...
High
Unreviewed
CVE-2022-43713
was published
Jul 26, 2023
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.
Moderate
Unreviewed
CVE-2022-31458
was published
Jul 25, 2023
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax
Moderate
CVE-2023-34036
was published
for
org.springframework.hateoas:spring-hateoas
(Maven)
Jul 17, 2023
ProTip!
Advisories are also available from the
GraphQL API