GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories

node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation
Critical: CVE-2023-26110 was published for node-bluetooth (npm), Mar 9, 2023

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections...
Critical, Unreviewed: CVE-2023-27986 was published Mar 9, 2023

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections...
Critical, Unreviewed: CVE-2023-27985 was published Mar 9, 2023

Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before...
Critical, Unreviewed: CVE-2021-33351 was published Mar 9, 2023

builderio/qwik is vulnerable to code injection
Critical: CVE-2023-1283 was published for @builder.io/qwik (npm), Mar 9, 2023

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before...
Critical, Unreviewed: CVE-2021-33353 was published Mar 9, 2023

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows...
Critical, Unreviewed: CVE-2021-33352 was published Mar 9, 2023

SQL Injection in Funadmin
Critical: CVE-2023-24777 was published for funadmin/funadmin (Composer), Mar 9, 2023

wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Critical: CVE-2023-26489 was published for cranelift-codegen (Rust), Mar 9, 2023

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation...
Critical, Unreviewed: CVE-2023-22889 was published Mar 8, 2023

SQL Injection in Funadmin
Critical: CVE-2023-24782 was published for funadmin/funadmin (Composer), Mar 8, 2023

SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute...
Critical, Unreviewed: CVE-2023-26922 was published Mar 8, 2023

SQL Injection in Funadmin
Critical: CVE-2023-24773 was published for funadmin/funadmin (Composer), Mar 8, 2023

org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Critical: CVE-2023-27479 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven), Mar 8, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability.
Critical, Unreviewed: CVE-2023-25395 was published Mar 8, 2023

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication...
Critical, Unreviewed: CVE-2023-26261 was published Mar 8, 2023

Easy!Appointments uses hard-coded credentials
Critical: CVE-2023-1269 was published for alextselegidis/easyappointments (Composer), Mar 8, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, Unreviewed: CVE-2023-1267 was published Mar 8, 2023

Apache Dubbo vulnerable to Deserialization of Untrusted Data
Critical: CVE-2023-23638 was published for org.apache.dubbo:dubbo (Maven), Mar 8, 2023

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows...
Critical, Unreviewed: CVE-2023-0090 was published Mar 8, 2023

SQL Injection in Funadmin
Critical: CVE-2023-24780 was published for funadmin/funadmin (Composer), Mar 8, 2023

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...
Critical, Unreviewed: CVE-2023-25690 was published Mar 7, 2023

SQL Injection in Funadmin
Critical: CVE-2023-24775 was published for funadmin/funadmin (Composer), Mar 7, 2023

A vulnerability, which was classified as critical, was found in SourceCodester Health Center...
Critical, Unreviewed: CVE-2023-1253 was published Mar 7, 2023

SQL Injection in Funadmin
Critical: CVE-2023-24781 was published for funadmin/funadmin (Composer), Mar 7, 2023

ProTip! Advisories are also available from the GraphQL API.