GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
209 advisories
Filter by severity
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be...
Unknown
Unreviewed
CVE-2023-29541
was published
Jun 2, 2023
When copying a network request from the developer tools panel as a curl command the output was...
Moderate
Unreviewed
CVE-2023-23599
was published
Jun 2, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially...
Low
Unreviewed
CVE-2023-32712
was published
Jun 1, 2023
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that...
Moderate
Unreviewed
CVE-2023-1711
was published
May 30, 2023
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@'...
Moderate
Unreviewed
CVE-2023-31669
was published
May 23, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Low
CVE-2023-30844
was published
for
github.com/mutagen-io/mutagen
(Go)
May 5, 2023
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to...
High
Unreviewed
CVE-2022-30351
was published
Mar 30, 2023
Sudo before 1.9.13 does not escape control characters in log messages.
Moderate
Unreviewed
CVE-2023-28486
was published
Mar 16, 2023
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
Moderate
Unreviewed
CVE-2023-28487
was published
Mar 16, 2023
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Critical
CVE-2023-26472
was published
for
org.xwiki.platform:xwiki-platform-icon-ui
(Maven)
Mar 3, 2023
Keycloak Cross-site Scripting on OpenID connect login service
High
CVE-2022-4137
was published
for
org.keycloak:keycloak-parent
(Maven)
Mar 1, 2023
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the...
Moderate
Unreviewed
CVE-2023-0595
was published
Feb 24, 2023
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection...
Critical
Unreviewed
CVE-2022-48339
was published
Feb 21, 2023
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler...
Critical
Unreviewed
CVE-2022-25987
was published
Feb 16, 2023
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection...
Moderate
Unreviewed
CVE-2022-45102
was published
Feb 1, 2023
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability...
Moderate
Unreviewed
CVE-2015-10040
was published
Jan 13, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an...
Critical
Unreviewed
CVE-2015-10011
was published
Jan 3, 2023
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
High
CVE-2020-36567
was published
for
github.com/gin-gonic/gin
(Go)
Dec 27, 2022
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through...
Moderate
Unreviewed
CVE-2021-38997
was published
Dec 12, 2022
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header...
High
Unreviewed
CVE-2022-40870
was published
Nov 23, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical
CVE-2022-41934
was published
for
org.xwiki.platform:xwiki-platform-menu-ui
(Maven)
Nov 21, 2022
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation...
Moderate
Unreviewed
CVE-2022-0421
was published
Nov 21, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue...
Critical
Unreviewed
CVE-2022-4011
was published
Nov 16, 2022
ProTip!
Advisories are also available from the
GraphQL API