GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
86,720 advisories
The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action,...
High · Unreviewed · CVE-2023-1938 was published May 30, 2023
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which...
High · Unreviewed · CVE-2023-0766 was published May 30, 2023
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and...
High · Unreviewed · CVE-2023-0329 was published May 30, 2023
Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and...
High · Unreviewed · CVE-2023-33245 was published May 30, 2023
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High · Unreviewed · CVE-2023-26130 was published May 30, 2023
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions...
High · Unreviewed · CVE-2023-27988 was published May 30, 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is...
High · Unreviewed · CVE-2022-24628 was published May 29, 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles...
High · Unreviewed · CVE-2022-24630 was published May 29, 2023
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read...
High · Unreviewed · CVE-2021-27825 was published May 29, 2023
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via...
High · Unreviewed · CVE-2023-31874 was published May 29, 2023
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate...
High · Unreviewed · CVE-2023-33291 was published May 29, 2023
Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.
High · Unreviewed · CVE-2023-29380 was published May 29, 2023
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require(...
High · Unreviewed · CVE-2023-31873 was published May 29, 2023
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their...
High · Unreviewed · CVE-2023-30350 was published May 29, 2023
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon...
High · Unreviewed · CVE-2023-30570 was published May 29, 2023
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6...
High · Unreviewed · CVE-2023-32763 was published May 29, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
High · Unreviewed · CVE-2023-2949 was published May 28, 2023
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
High · Unreviewed · CVE-2023-2948 was published May 28, 2023
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
High · Unreviewed · CVE-2023-2942 was published May 28, 2023
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8...
High · Unreviewed · CVE-2023-21514 was published May 27, 2023
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior...
High · Unreviewed · CVE-2023-21515 was published May 27, 2023
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated...
High · Unreviewed · CVE-2023-2825 was published May 26, 2023
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via...
High · Unreviewed · CVE-2023-2879 was published May 26, 2023
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to...
High · Unreviewed · CVE-2023-28319 was published May 26, 2023
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint...
High · Unreviewed · CVE-2023-33247 was published May 26, 2023
ProTip! Advisories are also available from the GraphQL API.