Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

77 advisories

Loading
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8... High Unreviewed
CVE-2018-8609 was published May 13, 2022
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1... High Unreviewed
CVE-2014-9938 was published May 13, 2022
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior... High Unreviewed
CVE-2017-12064 was published May 13, 2022
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can... High Unreviewed
CVE-2022-41322 was published Sep 25, 2022
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines High
CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special... High Unreviewed
CVE-2016-3063 was published May 17, 2022
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to... High Unreviewed
CVE-2022-30351 was published Mar 30, 2023
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially... High Unreviewed
CVE-2022-39958 was published Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can... High Unreviewed
CVE-2022-39957 was published Sep 21, 2022
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x... High Unreviewed
CVE-2020-26116 was published May 24, 2022
Nicotine+ DoS on Null Character in Download Request High
CVE-2021-45848 was published for nicotine-plus (pip) Mar 16, 2022
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output High
CVE-2023-3552 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
PrestaShop XSS injection through Validate::isCleanHTML method High
CVE-2023-39527 was published for prestashop/prestashop (Composer) Aug 9, 2023
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability... High Unreviewed
CVE-2023-3997 was published Jul 31, 2023
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a... High Unreviewed
CVE-2024-1064 was published Feb 3, 2024
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can... High Unreviewed
CVE-2023-4571 was published Aug 30, 2023
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary... High Unreviewed
CVE-2018-16386 was published May 24, 2022
LibreOffice documents can contain macros. The execution of those macros is controlled by the... High Unreviewed
CVE-2019-9853 was published May 24, 2022
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)... High Unreviewed
CVE-2019-12674 was published May 24, 2022
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)... High Unreviewed
CVE-2019-12675 was published May 24, 2022
Controller DoS due to stack overflow when decoding a message from the server High Unreviewed
CVE-2023-24480 was published Jul 13, 2023
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with... High Unreviewed
CVE-2023-36921 was published Jul 11, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database