GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,796
Erlang: 29
GitHub Actions: 16
Go: 1,713
Maven: 4,948
npm: 3,477
NuGet: 605
pip: 3,006
Pub: 10
RubyGems: 829
Rust: 774
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
107,526 advisories
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin...
Moderate • Unreviewed • CVE-2023-4493 was published Oct 4, 2023

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled...
Moderate • Unreviewed • CVE-2023-4495 was published Oct 4, 2023

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled...
Moderate • Unreviewed • CVE-2023-4497 was published Oct 4, 2023

Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname,...
Moderate • Unreviewed • CVE-2023-4492 was published Oct 4, 2023

gnark unsoundness in variable comparison / non-unique binary decomposition
Moderate • CVE-2023-44378 was published for github.com/consensys/gnark (Go) Oct 4, 2023

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
Moderate • Unreviewed • CVE-2023-5377 was published Oct 4, 2023

Withdrawn Advisory: Netty-handler does not validate host names by default
Moderate • CVE-2023-4586 was published for io.netty:netty-handler (Maven) Oct 4, 2023 • withdrawn

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low...
Moderate • Unreviewed • CVE-2022-4132 was published Oct 4, 2023

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which...
Moderate • Unreviewed • CVE-2023-4090 was published Oct 4, 2023

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate...
Moderate • Unreviewed • CVE-2023-3153 was published Oct 4, 2023

Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of...
Moderate • Unreviewed • CVE-2023-4037 was published Oct 4, 2023

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
Moderate • Unreviewed • CVE-2023-5375 was published Oct 4, 2023

A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious...
Moderate • Unreviewed • CVE-2023-44272 was published Oct 4, 2023

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows...
Moderate • Unreviewed • CVE-2023-30734 was published Oct 4, 2023

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows...
Moderate • Unreviewed • CVE-2023-30737 was published Oct 4, 2023

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows...
Moderate • Unreviewed • CVE-2023-30736 was published Oct 4, 2023

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances...
Moderate • Unreviewed • CVE-2023-5368 was published Oct 4, 2023

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized....
Moderate • Unreviewed • CVE-2023-5370 was published Oct 4, 2023

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows...
Moderate • Unreviewed • CVE-2023-30731 was published Oct 4, 2023

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL...
Moderate • Unreviewed • CVE-2023-5291 was published Oct 4, 2023

The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate • Unreviewed • CVE-2023-5357 was published Oct 4, 2023

IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This...
Moderate • Unreviewed • CVE-2023-35905 was published Oct 4, 2023

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a...
Moderate • Unreviewed • CVE-2023-3213 was published Oct 4, 2023

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function...
Moderate • Unreviewed • CVE-2023-43898 was published Oct 3, 2023

A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal...
Moderate • Unreviewed • CVE-2023-40519 was published Oct 3, 2023

ProTip! Advisories are also available from the GraphQL API