GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
209 advisories
Filter by severity
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP...
Moderate
Unreviewed
CVE-2022-34316
was published
Nov 15, 2022
A vulnerability has been found in Activity Log Plugin and classified as critical. This...
Critical
Unreviewed
CVE-2022-3941
was published
Nov 11, 2022
Heron allows CRLF log injection
Critical
CVE-2021-42010
was published
for
org.apache.heron:heron-api
(Maven)
Oct 24, 2022
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component ...
Critical
Unreviewed
CVE-2022-41443
was published
Oct 4, 2022
Moodle Improper Encoding or Escaping of Output
Moderate
CVE-2021-40694
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can...
High
Unreviewed
CVE-2022-41322
was published
Sep 25, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can...
High
Unreviewed
CVE-2022-39957
was published
Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially...
High
Unreviewed
CVE-2022-39958
was published
Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP...
Critical
Unreviewed
CVE-2022-39956
was published
Sep 21, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
Critical
CVE-2022-36099
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
Sep 16, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Critical
CVE-2022-36100
was published
for
org.xwiki.platform.applications:xwiki-application-tag
(Maven)
Sep 16, 2022
ansible-runner vulnerable to shell command injection
High
CVE-2021-4041
was published
for
ansible-runner
(pip)
Aug 25, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Critical
CVE-2020-36599
was published
for
omniauth
(RubyGems)
Aug 19, 2022
The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in...
Moderate
Unreviewed
CVE-2022-2241
was published
Aug 2, 2022
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
Critical
Unreviewed
CVE-2022-36446
was published
Jul 26, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
High
Unreviewed
CVE-2022-28374
was published
Jul 15, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
Critical
Unreviewed
CVE-2022-28375
was published
Jul 15, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ...
Critical
Unreviewed
CVE-2022-34820
was published
Jul 13, 2022
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the...
High
Unreviewed
CVE-2022-23079
was published
Jun 23, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API
Moderate
CVE-2022-32549
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
Jun 23, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High
CVE-2022-29258
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page
High
CVE-2022-29252
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
May 25, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Improper Encoding or Escaping of Output in Apache Superset
Moderate
CVE-2021-42250
was published
for
apache-superset
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API