Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

475 advisories

Loading
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing... High Unreviewed
CVE-2023-6648 was published Dec 10, 2023
Ingress nginx annotation injection causes arbitrary command execution High
CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Composer Remote Code Execution vulnerability via web-accessible composer.phar High
CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
thomas-chauchefoin-sonarsource
Improper Input Validation vulnerability in the ContentType parameter for attachments on... High Unreviewed
CVE-2023-38060 was published Jul 24, 2023
An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive... High Unreviewed
CVE-2024-12756 was published Feb 11, 2025
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All... High Unreviewed
CVE-2024-50572 was published Nov 12, 2024
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP... High Unreviewed
CVE-2024-1773 was published Mar 7, 2024
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. High Unreviewed
CVE-2022-33900 was published Aug 23, 2022
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... High Unreviewed
CVE-2020-17496 was published May 24, 2022
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers... High Unreviewed
CVE-2020-10987 was published May 24, 2022
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. High Unreviewed
CVE-2020-8644 was published May 24, 2022
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.... High Unreviewed
CVE-2023-24539 was published May 11, 2023
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty... High Unreviewed
CVE-2023-29400 was published May 11, 2023
Git LFS permits exfiltration of credentials via crafted HTTP URLs High
CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go) Jan 14, 2025
Ry0taK
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16... High Unreviewed
CVE-2025-0528 was published Jan 17, 2025
Improper neutralization of special elements in output used by a downstream component ('Injection'... High Unreviewed
CVE-2021-29084 was published May 24, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... High Unreviewed
CVE-2021-29085 was published May 24, 2022
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21.... High Unreviewed
CVE-2025-0396 was published Jan 12, 2025
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4,... High Unreviewed
CVE-2024-23280 was published Mar 8, 2024
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails High
CVE-2024-53860 was published for spencer14420/sp-php-email-handler (Composer) Nov 27, 2024
HTTP response splitting in uvicorn High
CVE-2020-7695 was published for uvicorn (pip) Jul 29, 2020
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
Ankitects Anki arbitrary script execution vulnerability High
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
A user controlled parameter related to SMTP test functionality is not correctly validated making... High Unreviewed
CVE-2021-31988 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database