GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26,925 advisories
Undertow client not checking server identity presented by server certificate in https connections
Critical
CVE-2022-4492 was published for io.undertow:undertow-core (Maven) on Feb 23, 2023
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated...
Critical
Unreviewed
CVE-2023-26326 was published on Feb 23, 2023
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management...
Critical
Unreviewed
CVE-2023-0986 was published on Feb 23, 2023
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Critical
Unreviewed
CVE-2022-48342 was published on Feb 23, 2023
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions...
Critical
Unreviewed
CVE-2023-24104 was published on Feb 23, 2023
Unsafe fall-through in getWhereConditions
Critical
CVE-2023-22579 was published for @sequelize/core (npm) on Feb 23, 2023
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as...
Critical
Unreviewed
CVE-2023-0980 was published on Feb 23, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2022-2504 was published on Feb 23, 2023
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been...
Critical
Unreviewed
CVE-2023-0982 was published on Feb 23, 2023
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been...
Critical
Unreviewed
CVE-2023-0981 was published on Feb 23, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2023-0939 was published on Feb 23, 2023
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded...
Critical
Unreviewed
CVE-2023-26462 was published on Feb 23, 2023
Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL...
Critical
Unreviewed
CVE-2022-48149 was published on Feb 23, 2023
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file...
Critical
Unreviewed
CVE-2022-45599 was published on Feb 23, 2023
File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute...
Critical
Unreviewed
CVE-2022-39983 was published on Feb 23, 2023
Sequelize vulnerable to SQL Injection via replacements
Critical
CVE-2023-25813 was published for sequelize (npm) on Feb 22, 2023
An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a...
Critical
Unreviewed
CVE-2023-24093 was published on Feb 22, 2023
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management...
Critical
Unreviewed
CVE-2023-0964 was published on Feb 22, 2023
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical...
Critical
Unreviewed
CVE-2023-0963 was published on Feb 22, 2023
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as...
Critical
Unreviewed
CVE-2023-0961 was published on Feb 22, 2023
typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2023-24114 was published on Feb 22, 2023
GeoTools OGC Filter SQL Injection Vulnerabilities
Critical
CVE-2023-25158 was published for org.geotools:gt-jdbc (Maven) on Feb 22, 2023
GeoServer OGC Filter SQL Injection Vulnerabilities
Critical
CVE-2023-25157 was published for org.geoserver.community:gs-jdbcconfig (Maven) on Feb 22, 2023
Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an...
Critical
Unreviewed
CVE-2022-41217 was published on Feb 22, 2023
hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to...
Critical
Unreviewed
CVE-2023-24107 was published on Feb 22, 2023
ProTip! Advisories are also available from the GraphQL API.