Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,049 advisories

Loading
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user... Moderate Unreviewed
CVE-2023-26148 was published Sep 29, 2023
Searchor CLI's Search vulnerable to Arbitrary Code using Eval Critical
CVE-2023-43364 was published for searchor (pip) Sep 25, 2023
Kiali content spoofing vulnerability Moderate
CVE-2022-3962 was published for github.com/kiali/kiali (Go) Sep 23, 2023
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user... Moderate Unreviewed
CVE-2023-26142 was published Sep 19, 2023
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1... Moderate Unreviewed
CVE-2023-41834 was published Sep 19, 2023
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to... High Unreviewed
CVE-2023-36250 was published Sep 14, 2023
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field... Moderate Unreviewed
CVE-2023-4843 was published Sep 8, 2023
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows... High Unreviewed
CVE-2023-39424 was published Sep 7, 2023
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the... Critical Unreviewed
CVE-2023-1523 was published Sep 1, 2023
Sandbox escape via various forms of "format". High
CVE-2023-41039 was published for RestrictedPython (pip) Aug 30, 2023
ankush abhishekg999
d-maurer icemac Quasar0147
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can... High Unreviewed
CVE-2023-4571 was published Aug 30, 2023
Mattermost fails to restrict which parameters' values it takes from the request during signup... High Unreviewed
CVE-2023-4478 was published Aug 25, 2023
?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats... Moderate Unreviewed
CVE-2023-4212 was published Aug 22, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical.... Moderate Unreviewed
CVE-2023-4450 was published Aug 21, 2023
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via... Critical Unreviewed
CVE-2022-24989 was published Aug 20, 2023
llama-index vulnerable to arbitrary code execution Critical
CVE-2023-39662 was published for llama-index (pip) Aug 15, 2023
KaliforniaShell
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-38896 was published for langchain (pip) Aug 15, 2023
PandasAI vulnerable to arbitrary code execution Critical
CVE-2023-39661 was published for pandasai (pip) Aug 15, 2023
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-39659 was published for langchain (pip) Aug 15, 2023
eyurtsev
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute... High Unreviewed
CVE-2020-28848 was published Aug 11, 2023
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2... High Unreviewed
CVE-2023-31209 was published Aug 10, 2023
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the... High Unreviewed
CVE-2023-33242 was published Aug 10, 2023
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a... Critical Unreviewed
CVE-2023-33241 was published Aug 10, 2023
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI... Critical Unreviewed
CVE-2023-39213 was published Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API