Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

30,396 advisories

Loading
** UNSUPPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in... Critical Unreviewed
CVE-2023-4669 was published Sep 14, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4737 was published Sep 27, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4675 was published Dec 29, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-5046 was published Oct 12, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-5047 was published Nov 22, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-5634 was published Dec 1, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4674 was published Dec 29, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4830 was published Sep 15, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4833 was published Sep 15, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4832 was published Sep 14, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4766 was published Sep 14, 2023
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas... Critical Unreviewed
CVE-2023-4702 was published Sep 14, 2023
Honeywell Control Network Module (CNM) contains command injection vulnerability in the web... Critical Unreviewed
CVE-2026-5433 was published May 21, 2026
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4... Critical Unreviewed
CVE-2026-44050 was published May 21, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-5045 was published Oct 12, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4673 was published Sep 15, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2023-4835 was published Sep 15, 2023
Strapi may leak sensitive data via relational filtering due to lack of query sanitization Critical
CVE-2026-27886 was published for @strapi/strapi (npm) May 14, 2026
WildWestCyberSecurity Credited to WildWestCyberSecurity, innerdvations, derrickmehaffy, nclsndr, and Bassel17 innerdvations innerdvations
derrickmehaffy derrickmehaffy nclsndr nclsndr Bassel17 Bassel17
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote... Critical Unreviewed
CVE-2026-6279 was published May 21, 2026
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL... Critical Unreviewed
CVE-2026-23450 was published Apr 3, 2026
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP... Critical Unreviewed
CVE-2026-9152 was published May 21, 2026
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC... Critical Unreviewed
CVE-2026-33278 was published May 20, 2026
electerm allows unauthorized users to execute arbitrary commands Critical
CVE-2020-23256 was published for electerm (npm) Jan 20, 2023
filipeom Credited to filipeom
fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE Critical
CVE-2026-41586 was published for org.hyperledger.fabric-sdk-java:fabric-sdk-java (Maven) Apr 29, 2026
brodmart Credited to brodmart
Apache Tomcat: CLIENT_CERT authentication does not fail as expected Critical
CVE-2026-29145 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
aruneko Credited to aruneko
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database