Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

31,068 advisories

Loading
An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-25249 was published Feb 21, 2024
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote... Critical Unreviewed
CVE-2023-37177 was published Feb 21, 2024
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the... Critical Unreviewed
CVE-2024-25893 was published Feb 21, 2024
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the... Critical Unreviewed
CVE-2024-25894 was published Feb 21, 2024
ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the... Critical Unreviewed
CVE-2024-25897 was published Feb 21, 2024
Unauthenticated remote attackers can access the system through the LoadMaster management... Critical Unreviewed
CVE-2024-1212 was published Feb 21, 2024
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an... Critical Unreviewed
CVE-2024-1709 was published Feb 21, 2024
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string Critical
CVE-2024-23346 was published for pymatgen (pip) Feb 21, 2024
SteakEnthusiast Credited to SteakEnthusiast and mkhorton mkhorton mkhorton
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2023-42945 was published Feb 21, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a... Critical Unreviewed
CVE-2024-1676 was published Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-26266 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25603 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-26269 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42498 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-42496 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting Critical
CVE-2024-25147 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25601 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting Critical
CVE-2024-25152 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting Critical
CVE-2024-25602 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting Critical
CVE-2023-40191 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 21, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker Credited to peterpeterparker and krpeacock krpeacock krpeacock
Improper Certificate Validation in apache airflow mongo hook Critical
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware... Critical Unreviewed
CVE-2024-22245 was published Feb 20, 2024
A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig... Critical Unreviewed
CVE-2024-22097 was published Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database