GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 43
Go: 3,164
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,458
Pub: 12
RubyGems: 991
Rust: 1,184
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
320,597 advisories
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) Mar 1, 2024
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3...
Moderate
Unreviewed
CVE-2024-27255 was published Mar 3, 2024
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-2156 was published Mar 4, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6,...
Moderate
Unreviewed
CVE-2023-4895 was published Feb 22, 2024
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to...
High
Unreviewed
CVE-2024-0410 was published Feb 22, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16...
Moderate
Unreviewed
CVE-2024-1525 was published Feb 22, 2024
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3...
Moderate
Unreviewed
CVE-2023-47745 was published Mar 3, 2024
IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting....
Moderate
Unreviewed
CVE-2023-43054 was published Mar 3, 2024
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions...
Low
Unreviewed
CVE-2023-3509 was published Feb 22, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6...
Moderate
Unreviewed
CVE-2023-6477 was published Feb 22, 2024
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which...
High
Unreviewed
CVE-2010-4657 was published Apr 21, 2022
Rbot Reaction plugin allows command execution
Critical
Unreviewed
CVE-2010-2446 was published Apr 21, 2022
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain...
High
Unreviewed
CVE-2010-5304 was published Apr 21, 2022
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi...
Critical
Unreviewed
CVE-2009-5156 was published Apr 21, 2022
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss...
High
Unreviewed
CVE-2010-5335 was published Apr 21, 2022
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
Critical
Unreviewed
CVE-2010-4239 was published Apr 21, 2022
A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not...
High
Unreviewed
CVE-2010-0737 was published Apr 21, 2022
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended...
Critical
Unreviewed
CVE-2010-2783 was published Apr 21, 2022
Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received...
High
Unreviewed
CVE-2010-3048 was published Apr 21, 2022
paxtest handles temporary files insecurely
Moderate
Unreviewed
CVE-2010-3373 was published Apr 21, 2022
A race condition in temp files was found in gs-gpl before 8.56 addons scripts.
High
Unreviewed
CVE-2005-2352 was published Apr 21, 2022
archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.
High
Unreviewed
CVE-2006-4245 was published Apr 21, 2022
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the...
Moderate
Unreviewed
CVE-2010-5337 was published Apr 21, 2022
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (...
Moderate
Unreviewed
CVE-2021-4169 was published Dec 27, 2021
ProTip! Advisories are also available from the GraphQL API