GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,373
Erlang: 33
GitHub Actions: 22
Go: 2,135
Maven: 5,000+
npm: 3,797
NuGet: 687
pip: 3,478
Pub: 12
RubyGems: 896
Rust: 897
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
324 advisories
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing...
High | Unreviewed | CVE-2023-6648 was published Dec 10, 2023

Improper Input Validation vulnerability in the ContentType parameter for attachments on...
High | Unreviewed | CVE-2023-38060 was published Jul 24, 2023

An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive...
High | Unreviewed | CVE-2024-12756 was published Feb 11, 2025

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All...
High | Unreviewed | CVE-2024-50572 was published Nov 12, 2024

The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP...
High | Unreviewed | CVE-2024-1773 was published Mar 7, 2024

PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.
High | Unreviewed | CVE-2022-33900 was published Aug 23, 2022

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an...
High | Unreviewed | CVE-2020-17496 was published May 24, 2022

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers...
High | Unreviewed | CVE-2020-10987 was published May 24, 2022

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
High | Unreviewed | CVE-2020-8644 was published May 24, 2022

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts....
High | Unreviewed | CVE-2023-24539 was published May 11, 2023

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty...
High | Unreviewed | CVE-2023-29400 was published May 11, 2023

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16...
High | Unreviewed | CVE-2025-0528 was published Jan 17, 2025

Improper neutralization of special elements in output used by a downstream component ('Injection'...
High | Unreviewed | CVE-2021-29084 was published May 24, 2022

Improper neutralization of special elements in output used by a downstream component ('Injection'...
High | Unreviewed | CVE-2021-29085 was published May 24, 2022

A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21....
High | Unreviewed | CVE-2025-0396 was published Jan 12, 2025

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4,...
High | Unreviewed | CVE-2024-23280 was published Mar 8, 2024

A user controlled parameter related to SMTP test functionality is not correctly validated making...
High | Unreviewed | CVE-2021-31988 was published May 24, 2022

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High | Unreviewed | CVE-2023-26130 was published May 30, 2023

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon...
High | Unreviewed | CVE-2021-39128 was published May 24, 2022

PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature...
High | Unreviewed | CVE-2023-4818 was published Jan 15, 2024

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can...
High | Unreviewed | CVE-2023-42136 was published Jan 15, 2024

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
High | Unreviewed | CVE-2023-48841 was published Dec 7, 2023

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account...
High | Unreviewed | CVE-2021-39114 was published Apr 6, 2022

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8,...
High | Unreviewed | CVE-2023-3922 was published Sep 29, 2023

This vulnerability allows an already authenticated admin user to create a malicious payload that...
High | Unreviewed | CVE-2024-1882 was published Mar 14, 2024
ProTip! Advisories are also available from the GraphQL API.