GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,752; Maven 4,982; npm 3,516; NuGet 609; pip 3,090; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
340 advisories in this filtered view; the first 25 are listed below.
Advisory | Severity | Status or affected package (ecosystem) | Published | Title
CVE-2024-35680 | Moderate | Unreviewed | Jun 10, 2024 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
CVE-2024-35728 | Moderate | Unreviewed | Jun 10, 2024 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
GHSA-gff2-p6vm-3p8g | Moderate | zendframework/zendframework (Composer) | Jun 7, 2024 | ZendFramework potential remote code execution in zend-mail via Sendmail adapter
GHSA-mg7h-9qfx-4r83 | Moderate | zendframework/zendframework (Composer) | Jun 7, 2024 | ZendFramework Potential Proxy Injection Vulnerabilities
CVE-2024-5184 | Moderate | Unreviewed | Jun 5, 2024 | The EmailGPT service contains a prompt injection vulnerability. The service uses an API service...
CVE-2023-23738 | Moderate | Unreviewed | Jun 4, 2024 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
GHSA-g5vj-wj9x-4jg9 | Moderate | symbiote/silverstripe-multivaluefield (Composer) | May 29, 2024 | symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
GHSA-v858-922f-fj9v | Moderate | simplesamlphp/simplesamlphp (Composer) | May 28, 2024 | SimpleSAMLphp Link Injection vulnerability
GHSA-7v7m-pcw5-h3cg | Moderate | pusher/pusher-php-server (Composer) | May 20, 2024 | Pusher Service Channel Authentication Bypass
CVE-2024-28234 | Moderate | contao/comments-bundle (Composer) | Apr 9, 2024 | Contao: Insufficient BBCode sanitizer
CVE-2024-28867 | Moderate | github.com/swift-server/swift-prometheus (Swift) | Mar 29, 2024 | Un-sanitized metric name or labels can be used to take over exported metrics
CVE-2024-2445 | Moderate | Unreviewed | Mar 15, 2024 | Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x...
CVE-2024-1883 | Moderate | Unreviewed | Mar 14, 2024 | This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server....
CVE-2024-21900 | Moderate | Unreviewed | Mar 8, 2024 | An injection vulnerability has been reported to affect several QNAP operating system versions. If...
CVE-2024-21838 | Moderate | Unreviewed | Mar 5, 2024 | Improper neutralization of special elements in output (CWE-74) used by the email generation...
CVE-2024-2064 | Moderate | Unreviewed | Mar 1, 2024 | A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected...
CVE-2024-1619 | Moderate | Unreviewed | Feb 29, 2024 | Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The...
CVE-2021-4227 | Moderate | Unreviewed | Jan 16, 2024 | The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the...
CVE-2023-42135 | Moderate | Unreviewed | Jan 15, 2024 | PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow...
CVE-2023-31025 | Moderate | Unreviewed | Jan 12, 2024 | NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection....
CVE-2024-21645 | Moderate | pyload-ng (pip) | Jan 8, 2024 | pyload Log Injection vulnerability
CVE-2023-50093 | Moderate | Unreviewed | Jan 3, 2024 | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
CVE-2023-52081 | Moderate | github.com/ewen-lbh/ffcss (Go) | Dec 28, 2023 | ewen-lbh/ffcss Late-Unicode normalization vulnerability
CVE-2023-7039 | Moderate | Unreviewed | Dec 21, 2023 | A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210....
CVE-2023-35895 | Moderate | Unreviewed | Dec 20, 2023 | IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI...
Advisories are also available from the GraphQL API.