Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

93,441 advisories

Loading
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS... High Unreviewed
CVE-2023-22788 was published Jul 6, 2023
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS... High Unreviewed
CVE-2023-22789 was published Jul 6, 2023
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No... High Unreviewed
CVE-2023-31038 was published Jul 6, 2023
AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and... High Unreviewed
CVE-2023-31179 was published Jul 6, 2023
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer... High Unreviewed
CVE-2023-2575 was published Jul 6, 2023
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the... High Unreviewed
CVE-2023-22787 was published Jul 6, 2023
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS... High Unreviewed
CVE-2023-22790 was published Jul 6, 2023
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as... High Unreviewed
CVE-2023-2534 was published Jul 6, 2023
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in... High Unreviewed
CVE-2023-27999 was published Jul 6, 2023
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0... High Unreviewed
CVE-2023-25967 was published Jul 6, 2023
NGINX Management Suite default file permissions are set such that an authenticated attacker may... High Unreviewed
CVE-2023-28724 was published Jul 6, 2023
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of... High Unreviewed
CVE-2023-1385 was published Jul 6, 2023
When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual... High Unreviewed
CVE-2023-29163 was published Jul 6, 2023
NGINX Management Suite may allow an authenticated attacker to gain access to configuration... High Unreviewed
CVE-2023-28656 was published Jul 6, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
ethyca-fides Webserver API Path Traversal vulnerability High
CVE-2023-36827 was published for ethyca-fides (pip) Jul 6, 2023
daveqnet
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content High
CVE-2023-36823 was published for sanitize (RubyGems) Jul 6, 2023
cure53
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content... High Unreviewed
CVE-2023-23790 was published Jul 6, 2023
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category... High Unreviewed
CVE-2023-22691 was published Jul 6, 2023
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program... High Unreviewed
CVE-2023-22913 was published Jul 6, 2023
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series... High Unreviewed
CVE-2023-22914 was published Jul 6, 2023
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series... High Unreviewed
CVE-2023-22915 was published Jul 6, 2023
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable... High Unreviewed
CVE-2023-2297 was published Jul 6, 2023
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve... High Unreviewed
CVE-2023-2236 was published Jul 6, 2023
A valid XCC user's local account permissions overrides their active directory permissions under... High Unreviewed
CVE-2023-29057 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API