GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,868 advisories
A vulnerability, which was classified as critical, has been found in SourceCodester Online...
Critical | Unreviewed | CVE-2023-1040 was published Feb 26, 2023

A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute...
Critical | Unreviewed | CVE-2023-26550 was published Feb 25, 2023

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2023-24189 was published Feb 25, 2023

Sequelize - Default support for “raw attributes” when using parentheses
Critical | CVE-2023-22578 was published for @sequelize/core (npm) Feb 24, 2023

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the...
Critical | Unreviewed | CVE-2021-35370 was published Feb 24, 2023

Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code...
Critical | Unreviewed | CVE-2021-33387 was published Feb 24, 2023

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute...
Critical | Unreviewed | CVE-2021-33224 was published Feb 24, 2023

LiteDB may deserialize bad JSON on object type using _type
Critical | CVE-2022-23535 was published for LiteDB (NuGet) Feb 24, 2023

Apache Airflow Hive Provider Improper Input Validation vulnerability
Critical | CVE-2023-25696 was published for apache-airflow-providers-apache-hive (pip) Feb 24, 2023

Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code...
Critical | Unreviewed | CVE-2021-4105 was published Feb 24, 2023

Apache Airflow Google Provider Improper Input Validation vulnerability
Critical | CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023

Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Critical | CVE-2023-25693 was published for apache-airflow-providers-apache-sqoop (pip) Feb 24, 2023

The affected products are vulnerable to an integer overflow or wraparound, which could allow an...
Critical | Unreviewed | CVE-2023-0754 was published Feb 24, 2023

The affected products are vulnerable to an improper validation of array index, which could allow...
Critical | Unreviewed | CVE-2023-0755 was published Feb 24, 2023

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability...
Critical | Unreviewed | CVE-2023-24205 was published Feb 24, 2023

Code injection in pdf_info
Critical | CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023

Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
Critical | Unreviewed | CVE-2023-26468 was published Feb 24, 2023

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at ...
Critical | Unreviewed | CVE-2023-24212 was published Feb 24, 2023

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated...
Critical | Unreviewed | CVE-2023-26326 was published Feb 23, 2023

Undertow client not checking server identity presented by server certificate in https connections
Critical | CVE-2022-4492 was published for io.undertow:undertow-core (Maven) Feb 23, 2023

Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions...
Critical | Unreviewed | CVE-2023-24104 was published Feb 23, 2023

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Critical | Unreviewed | CVE-2022-48342 was published Feb 23, 2023

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management...
Critical | Unreviewed | CVE-2023-0986 was published Feb 23, 2023

Unsafe fall-through in getWhereConditions
Critical | CVE-2023-22579 was published for @sequelize/core (npm) Feb 23, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2022-2504 was published Feb 23, 2023
ProTip! Advisories are also available from the GraphQL API.