Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the... Moderate Unreviewed
CVE-2023-0595 was published Feb 24, 2023
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can... High Unreviewed
CVE-2022-39957 was published Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially... High Unreviewed
CVE-2022-39958 was published Sep 21, 2022
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x... High Unreviewed
CVE-2020-26116 was published May 24, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP... Critical Unreviewed
CVE-2022-39956 was published Sep 21, 2022
The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in... Moderate Unreviewed
CVE-2022-2241 was published Aug 2, 2022
Path traversal in xwiki-platform-skin-skinx Moderate
CVE-2022-23620 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Feb 9, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui Critical
CVE-2022-41934 was published for org.xwiki.platform:xwiki-platform-menu-ui (Maven) Nov 21, 2022
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed
CVE-2022-22734 was published Mar 15, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue... Critical Unreviewed
CVE-2022-4011 was published Nov 16, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection Critical
CVE-2022-36100 was published for org.xwiki.platform.applications:xwiki-application-tag (Maven) Sep 16, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability Critical
CVE-2022-36099 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Sep 16, 2022
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2022-0210 was published Jan 19, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,... Moderate Unreviewed
CVE-2022-0220 was published Feb 2, 2022
Command injection in Apache Maven maven-shared-utils Critical
CVE-2022-29599 was published for org.apache.maven.shared:maven-shared-utils (Maven) May 24, 2022
Cross-site Scripting in Jenkins Random String Parameter Plugin Moderate
CVE-2022-30966 was published for org.jenkins-ci.plugins:random-string-parameter (Maven) May 18, 2022
The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and... Moderate Unreviewed
CVE-2022-0450 was published Mar 29, 2022
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation... Moderate Unreviewed
CVE-2022-0421 was published Nov 21, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection Moderate
CVE-2022-2099 was published for woocommerce/woocommerce (Composer) Jul 18, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ... Critical Unreviewed
CVE-2022-34820 was published Jul 13, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My... Critical Unreviewed
CVE-2022-22992 was published Jan 29, 2022
Heron allows CRLF log injection Critical
CVE-2021-42010 was published for org.apache.heron:heron-api (Maven) Oct 24, 2022
Nicotine+ DoS on Null Character in Download Request High
CVE-2021-45848 was published for nicotine-plus (pip) Mar 16, 2022
dojox vulnerable to unescaped string injection Critical
CVE-2018-15494 was published for dojox (npm) Oct 15, 2018
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database