GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,752
Maven: 5,000+
npm: 4,357
NuGet: 765
pip: 4,121
Pub: 12
RubyGems: 961
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
27,769 advisories
Remote code execution in JFinal CMS
Critical • CVE-2023-30349 was published for com.jflyfox:jflyfox_jfinal (Maven) on Apr 27, 2023

Potential leak of authentication data to 3rd parties
Critical • CVE-2023-30846 was published for typed-rest-client (npm) on Apr 27, 2023

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ...
Critical • Unreviewed • CVE-2023-1778 was published on Apr 27, 2023

Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute...
Critical • Unreviewed • CVE-2022-47758 was published on Apr 27, 2023

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ...
Critical • Unreviewed • CVE-2023-20852 was published on Apr 27, 2023

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ...
Critical • Unreviewed • CVE-2023-20853 was published on Apr 27, 2023

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote...
Critical • Unreviewed • CVE-2023-28697 was published on Apr 27, 2023

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0...
Critical • Unreviewed • CVE-2023-30280 was published on Apr 26, 2023

Access bypass in Drupal core
Critical • CVE-2023-31250 was published for drupal/core (Composer) on Apr 26, 2023

Remote code execution in Voyager
Critical • CVE-2020-36070 was published for tcg/voyager (Composer) on Apr 26, 2023

Prototype Pollution in vConsole
Critical • CVE-2023-30363 was published for vconsole (npm) on Apr 26, 2023

OURPHP <= 7.2.0 is vulnerable to SQL Injection.
Critical • Unreviewed • CVE-2023-30211 was published on Apr 26, 2023

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a...
Critical • Unreviewed • CVE-2023-29268 was published on Apr 26, 2023

Buffer overflow in sponge queue functions
Critical • CVE-2022-37454 was published for pysha3 (RubyGems) on Apr 26, 2023

An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials,...
Critical • Unreviewed • CVE-2022-39989 was published on Apr 26, 2023

Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker...
Critical • Unreviewed • CVE-2023-24796 was published on Apr 26, 2023

SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote...
Critical • Unreviewed • CVE-2023-27843 was published on Apr 26, 2023

Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code...
Critical • Unreviewed • CVE-2023-30404 was published on Apr 26, 2023

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in...
Critical • Unreviewed • CVE-2012-5872 was published on Apr 26, 2023

SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Critical • CVE-2023-30839 was published for prestashop/prestashop (Composer) on Apr 25, 2023

Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical • GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) on Apr 25, 2023 • withdrawn

A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with...
Critical • Unreviewed • CVE-2023-27105 was published on Apr 25, 2023

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73,...
Critical • Unreviewed • CVE-2023-28771 was published on Apr 25, 2023

Rancher Webhook is misconfigured during upgrade process
Critical • CVE-2023-22651 was published for github.com/rancher/rancher (Go) on Apr 24, 2023

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a...
Critical • Unreviewed • CVE-2023-1020 was published on Apr 24, 2023
ProTip! Advisories are also available from the GraphQL API.