GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
226 advisories
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user...
Critical, Unreviewed. CVE-2023-5340 was published Nov 20, 2023.
Apache Derby: LDAP injection vulnerability in authenticator
Critical. CVE-2022-46337 was published for org.apache.derby:derby (Maven), Nov 20, 2023.
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Critical, Unreviewed. CVE-2023-44373 was published Nov 14, 2023.
Langchain SQL Injection vulnerability
Critical. CVE-2023-32785 was published for langchain (pip), Oct 21, 2023.
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to...
Critical, Unreviewed. CVE-2022-47583 was published Oct 19, 2023.
Cachet vulnerable to Authenticated Remote Code Execution
Critical. CVE-2023-43661 was published for cachethq/cachet (Composer), Oct 16, 2023.
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Critical. CVE-2023-43364 was published for searchor (pip), Sep 25, 2023.
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the...
Critical, Unreviewed. CVE-2023-1523 was published Sep 1, 2023.
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via...
Critical, Unreviewed. CVE-2022-24989 was published Aug 20, 2023.
LangChain vulnerable to arbitrary code execution
Critical. CVE-2023-39659 was published for langchain (pip), Aug 15, 2023.
LangChain vulnerable to arbitrary code execution
Critical. CVE-2023-38896 was published for langchain (pip), Aug 15, 2023.
PandasAI vulnerable to arbitrary code execution
Critical. CVE-2023-39661 was published for pandasai (pip), Aug 15, 2023.
llama-index vulnerable to arbitrary code execution
Critical. CVE-2023-39662 was published for llama-index (pip), Aug 15, 2023.
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a...
Critical, Unreviewed. CVE-2023-33241 was published Aug 10, 2023.
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI...
Critical, Unreviewed. CVE-2023-39213 was published Aug 9, 2023.
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template...
Critical, Unreviewed. CVE-2023-36210 was published Aug 1, 2023.
Code injection in Duke
Critical. CVE-2023-39013 was published for no.priv.garshol.duke:duke (Maven), Jul 28, 2023.
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Critical. CVE-2023-37462 was published for org.xwiki.platform:xwiki-platform-skin-ui (Maven), Jul 14, 2023.
HtmlUnit Code Injection vulnerability
Critical. CVE-2023-26119 was published for net.sourceforge.htmlunit:htmlunit (Maven), Jul 6, 2023.
langchain vulnerable to arbitrary code execution
Critical. CVE-2023-36188 was published for langchain (pip), Jul 6, 2023.
Remote Code Execution for 2.4.1 and earlier
Critical. CVE-2023-36812 was published for net.opentsdb:opentsdb (Maven), Jun 30, 2023.
XWiki Platform vulnerable to Code injection through NotificationRSSService
Critical. CVE-2023-36469 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven), Jun 30, 2023.
XWiki Platform vulnerable to Code Injection in icon themes
Critical. CVE-2023-36470 was published for org.xwiki.platform:xwiki-platform-icon-default (Maven), Jun 30, 2023.
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical. CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven), Jun 30, 2023.
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions...
Critical, Unreviewed. CVE-2023-33566 was published Jun 27, 2023.