Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,796
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

107,526 advisories

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin... Moderate Unreviewed
CVE-2023-4493 was published Oct 4, 2023
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled... Moderate Unreviewed
CVE-2023-4495 was published Oct 4, 2023
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled... Moderate Unreviewed
CVE-2023-4497 was published Oct 4, 2023
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname,... Moderate Unreviewed
CVE-2023-4492 was published Oct 4, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition Moderate
CVE-2023-44378 was published for github.com/consensys/gnark (Go) Oct 4, 2023
kustosz
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. Moderate Unreviewed
CVE-2023-5377 was published Oct 4, 2023
Withdrawn Advisory: Netty-handler does not validate host names by default Moderate
CVE-2023-4586 was published for io.netty:netty-handler (Maven) Oct 4, 2023 withdrawn
normanmaurer
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low... Moderate Unreviewed
CVE-2022-4132 was published Oct 4, 2023
Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which... Moderate Unreviewed
CVE-2023-4090 was published Oct 4, 2023
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate... Moderate Unreviewed
CVE-2023-3153 was published Oct 4, 2023
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of... Moderate Unreviewed
CVE-2023-4037 was published Oct 4, 2023
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. Moderate Unreviewed
CVE-2023-5375 was published Oct 4, 2023
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious... Moderate Unreviewed
CVE-2023-44272 was published Oct 4, 2023
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows... Moderate Unreviewed
CVE-2023-30734 was published Oct 4, 2023
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows... Moderate Unreviewed
CVE-2023-30737 was published Oct 4, 2023
Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows... Moderate Unreviewed
CVE-2023-30736 was published Oct 4, 2023
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances... Moderate Unreviewed
CVE-2023-5368 was published Oct 4, 2023
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized.... Moderate Unreviewed
CVE-2023-5370 was published Oct 4, 2023
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows... Moderate Unreviewed
CVE-2023-30731 was published Oct 4, 2023
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL... Moderate Unreviewed
CVE-2023-5291 was published Oct 4, 2023
The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2023-5357 was published Oct 4, 2023
IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2023-35905 was published Oct 4, 2023
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a... Moderate Unreviewed
CVE-2023-3213 was published Oct 4, 2023
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function... Moderate Unreviewed
CVE-2023-43898 was published Oct 3, 2023
A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal... Moderate Unreviewed
CVE-2023-40519 was published Oct 3, 2023
ProTip! Advisories are also available from the GraphQL API