Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site... Moderate Unreviewed
CVE-2023-37875 was published Sep 14, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain... Critical Unreviewed
CVE-2023-46300 was published Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain... Critical Unreviewed
CVE-2023-46301 was published Oct 22, 2023
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with... High Unreviewed
CVE-2023-36921 was published Jul 11, 2023
Insert tag injection in the Contao login module Moderate
CVE-2019-19714 was published for contao/contao (Composer) Dec 17, 2019
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel
Moodle Improper Encoding or Escaping of Output Moderate
CVE-2021-40694 was published for moodle/moodle (Composer) Sep 30, 2022
Improper escaping in XWiki Platform High
CVE-2020-13654 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An... Unknown Unreviewed
CVE-2024-4420 was published May 21, 2024
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device High
CVE-2023-43620 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server... High Unreviewed
CVE-2024-4177 was published Jun 6, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape... Critical Unreviewed
CVE-2023-38316 was published Nov 17, 2023
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header... Moderate Unreviewed
CVE-2024-39736 was published Jul 15, 2024
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via... High Unreviewed
CVE-2024-27629 was published Jun 29, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with... High Unreviewed
CVE-2024-38473 was published Jul 1, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6... Moderate Unreviewed
CVE-2024-6329 was published Aug 8, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed
CVE-2023-26289 was published Jul 30, 2024
Windows App Installer Spoofing Vulnerability High Unreviewed
CVE-2024-38177 was published Aug 13, 2024
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible... High Unreviewed
CVE-2024-34739 was published Aug 16, 2024
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows... Critical Unreviewed
CVE-2024-38474 was published Jul 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database