GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,752
Maven: 5,000+
npm: 4,357
NuGet: 765
pip: 4,121
Pub: 12
RubyGems: 961
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
27,769 advisories
Sensitive information disclosure due to improper authentication. The following products are...
Critical | Unreviewed | CVE-2022-30995 was published May 3, 2023

Code execution and sensitive information disclosure due to excessive privileges assigned to...
Critical | Unreviewed | CVE-2022-3405 was published May 3, 2023

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc...
Critical | Unreviewed | CVE-2023-29778 was published May 2, 2023

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak...
Critical | Unreviewed | CVE-2023-26089 was published May 2, 2023

appium-desktop OS Command Injection vulnerability
Critical | CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023

** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-868L Hardware version A1, firmware version 1.12 is...
Critical | Unreviewed | CVE-2023-29856 was published May 2, 2023

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before...
Critical | Unreviewed | CVE-2023-1730 was published May 2, 2023

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password...
Critical | Unreviewed | CVE-2022-35898 was published May 1, 2023

File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute...
Critical | Unreviewed | CVE-2023-29635 was published May 1, 2023

Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Critical | GHSA-83fm-w79m-64r5 was published for mlflow (pip) May 1, 2023

SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer...
Critical | Unreviewed | CVE-2023-31470 was published Apr 28, 2023

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller...
Critical | Unreviewed | CVE-2023-26813 was published Apr 28, 2023

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands...
Critical | Unreviewed | CVE-2023-26781 was published Apr 28, 2023

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges...
Critical | Unreviewed | CVE-2023-1966 was published Apr 28, 2023

Duplicate Advisory: Arbitrary code execution in jfinal CMS
Critical | CVE-2023-26812 was published for com.jflyfox:jflyfox_jfinal (Maven) Apr 28, 2023 | withdrawn

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or...
Critical | Unreviewed | CVE-2023-27972 was published Apr 28, 2023

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or...
Critical | Unreviewed | CVE-2023-27971 was published Apr 28, 2023

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote...
Critical | Unreviewed | CVE-2023-27973 was published Apr 28, 2023

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on...
Critical | Unreviewed | CVE-2023-0834 was published Apr 28, 2023

Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Critical | CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard...
Critical | Unreviewed | CVE-2022-41397 was published Apr 28, 2023

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user...
Critical | Unreviewed | CVE-2022-41400 was published Apr 28, 2023

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical | Unreviewed | CVE-2023-30467 was published Apr 28, 2023

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical | Unreviewed | CVE-2023-30466 was published Apr 28, 2023

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently...
Critical | Unreviewed | CVE-2023-1967 was published Apr 28, 2023