GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
209 advisories
Filter by severity
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
Secret disclosure when containing characters that become URI encoded
High
CVE-2020-26226
was published
for
semantic-release
(npm)
Nov 18, 2020
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Insufficient output escaping of attachment names in PHPMailer
High
CVE-2020-13625
was published
for
phpmailer/phpmailer
(Composer)
May 27, 2020
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly...
High
Unreviewed
CVE-2022-22151
was published
Mar 12, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection...
Moderate
Unreviewed
CVE-2022-22344
was published
Mar 15, 2022
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470....
High
Unreviewed
CVE-2021-42324
was published
Apr 6, 2022
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior...
High
Unreviewed
CVE-2022-0935
was published
Apr 8, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High
CVE-2022-29258
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page
High
CVE-2022-29252
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
May 25, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc...
Critical
Unreviewed
CVE-2021-28940
was published
May 24, 2022
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the...
High
Unreviewed
CVE-2022-23079
was published
Jun 23, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API
Moderate
CVE-2022-32549
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
Jun 23, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
Critical
Unreviewed
CVE-2022-28375
was published
Jul 15, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
High
Unreviewed
CVE-2022-28374
was published
Jul 15, 2022
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component ...
Critical
Unreviewed
CVE-2022-41443
was published
Oct 4, 2022
Shell command injection in gitea
High
CVE-2022-30781
was published
for
code.gitea.io/gitea
(Go)
May 17, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Critical
CVE-2020-36599
was published
for
omniauth
(RubyGems)
Aug 19, 2022
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to...
Moderate
Unreviewed
CVE-2020-24972
was published
May 24, 2022
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP...
Moderate
Unreviewed
CVE-2022-34316
was published
Nov 15, 2022
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as...
High
Unreviewed
CVE-2022-25235
was published
Feb 17, 2022
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display...
Moderate
Unreviewed
CVE-2019-6109
was published
May 13, 2022
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for...
Moderate
Unreviewed
CVE-2020-27604
was published
May 24, 2022
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through...
Moderate
Unreviewed
CVE-2021-38997
was published
Dec 12, 2022
ProTip!
Advisories are also available from the
GraphQL API