Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Secret disclosure when containing characters that become URI encoded High
CVE-2020-26226 was published for semantic-release (npm) Nov 18, 2020
dbjorge
Insufficient output escaping of attachment names in PHPMailer High
CVE-2020-13625 was published for phpmailer/phpmailer (Composer) May 27, 2020
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly... High Unreviewed
CVE-2022-22151 was published Mar 12, 2022
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470.... High Unreviewed
CVE-2021-42324 was published Apr 6, 2022
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior... High Unreviewed
CVE-2022-0935 was published Apr 8, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform High
CVE-2022-29258 was published for org.xwiki.platform:xwiki-platform-filter-ui (Maven) Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page High
CVE-2022-29252 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) May 25, 2022
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the... High Unreviewed
CVE-2022-23079 was published Jun 23, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled... High Unreviewed
CVE-2022-28374 was published Jul 15, 2022
Shell command injection in gitea High
CVE-2022-30781 was published for code.gitea.io/gitea (Go) May 17, 2022
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as... High Unreviewed
CVE-2022-25235 was published Feb 17, 2022
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can... High Unreviewed
CVE-2020-35475 was published May 24, 2022
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private... High Unreviewed
CVE-2020-25646 was published May 24, 2022
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly... High Unreviewed
CVE-2020-24849 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized... High Unreviewed
CVE-2021-20405 was published May 24, 2022
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header... High Unreviewed
CVE-2022-40870 was published Nov 23, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator... High Unreviewed
CVE-2021-23205 was published May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote... High Unreviewed
CVE-2020-4850 was published May 24, 2022
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by... High Unreviewed
CVE-2021-29854 was published May 4, 2022
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a... High Unreviewed
CVE-2016-2568 was published May 13, 2022
Improper Encoding or Escaping of Output and Injection in LibreNMS High
CVE-2019-12463 was published for librenms/librenms (Composer) Oct 11, 2019
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended... High Unreviewed
CVE-2013-4547 was published May 13, 2022
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager ... High Unreviewed
CVE-2018-8920 was published May 13, 2022
Improper Encoding or Escaping of Output in Asset Metadata Component High
CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database