GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
30,221 advisories
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v....
Critical | Unreviewed | CVE-2023-40954 was published Dec 15, 2023

Cross-site Scripting in @spscommerce/ds-react
Critical | GHSA-cfxh-frx4-9gjg was published for @spscommerce/ds-react (npm) Dec 15, 2023

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka...
Critical | Unreviewed | CVE-2023-48049 was published Dec 15, 2023

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized...
Critical | Unreviewed | CVE-2023-45894 was published Dec 14, 2023

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted...
Critical | Unreviewed | CVE-2023-47261 was published Dec 14, 2023

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword...
Critical | Unreviewed | CVE-2023-50073 was published Dec 14, 2023

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at...
Critical | Unreviewed | CVE-2023-50563 was published Dec 14, 2023

Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Critical | CVE-2023-6572 was published for gradio (pip) Dec 14, 2023

External Control of File Name or Path in h2oai/h2o-3
Critical | CVE-2023-6569 was published for h2o (pip) Dec 14, 2023

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG,...
Critical | Unreviewed | CVE-2023-0757 was published Dec 14, 2023

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the...
Critical | Unreviewed | CVE-2023-46141 was published Dec 14, 2023

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE)...
Critical | Unreviewed | CVE-2023-48085 was published Dec 14, 2023

SQLi vulnerability in Starshop component for Joomla.
Critical | Unreviewed | CVE-2023-49708 was published Dec 14, 2023

SQLi vulnerability in S5 Register module for Joomla.
Critical | Unreviewed | CVE-2023-49707 was published Dec 14, 2023

SQLi vulnerability in LMS Lite component for Joomla.
Critical | Unreviewed | CVE-2023-40629 was published Dec 14, 2023

Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the...
Critical | Unreviewed | CVE-2023-48084 was published Dec 14, 2023

SQL injection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate...
Critical | Unreviewed | CVE-2023-46348 was published Dec 14, 2023

Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
Critical | Unreviewed | CVE-2023-40630 was published Dec 14, 2023

SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to...
Critical | Unreviewed | CVE-2023-48925 was published Dec 14, 2023

PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an...
Critical | Unreviewed | CVE-2023-44709 was published Dec 14, 2023

An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD...
Critical | Unreviewed | CVE-2023-49934 was published Dec 14, 2023

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free,...
Critical | Unreviewed | CVE-2023-49937 was published Dec 14, 2023

Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code...
Critical | Unreviewed | CVE-2023-31546 was published Dec 14, 2023

SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3...
Critical | Unreviewed | CVE-2023-40921 was published Dec 14, 2023

ProTip! Advisories are also available from the GraphQL API.