GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x...
High
Unreviewed
CVE-2020-26116
was published
May 24, 2022
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private...
High
Unreviewed
CVE-2020-25646
was published
May 24, 2022
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly...
High
Unreviewed
CVE-2020-24849
was published
May 24, 2022
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can...
High
Unreviewed
CVE-2020-35475
was published
May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized...
High
Unreviewed
CVE-2021-20405
was published
May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote...
High
Unreviewed
CVE-2020-4850
was published
May 24, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator...
High
Unreviewed
CVE-2021-23205
was published
May 24, 2022
Improper Encoding or Escaping of Output in Apache Superset
High
CVE-2021-42250
was published
for
apache-superset
(pip)
May 24, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Cross-site Scripting in wiki manager join wiki page
High
CVE-2022-29252
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
May 25, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High
CVE-2022-29258
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Jun 1, 2022
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the...
High
Unreviewed
CVE-2022-23079
was published
Jun 23, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
High
Unreviewed
CVE-2022-28374
was published
Jul 15, 2022
ansible-runner vulnerable to shell command injection
High
CVE-2021-4041
was published
for
ansible-runner
(pip)
Aug 25, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially...
High
Unreviewed
CVE-2022-39958
was published
Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can...
High
Unreviewed
CVE-2022-39957
was published
Sep 21, 2022
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can...
High
Unreviewed
CVE-2022-41322
was published
Sep 25, 2022
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header...
High
Unreviewed
CVE-2022-40870
was published
Nov 23, 2022
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
High
CVE-2020-36567
was published
for
github.com/gin-gonic/gin
(Go)
Dec 27, 2022
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Keycloak Cross-site Scripting on OpenID connect login service
High
CVE-2022-4137
was published
for
org.keycloak:keycloak-parent
(Maven)
Mar 1, 2023
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to...
High
Unreviewed
CVE-2022-30351
was published
Mar 30, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output
High
CVE-2023-3552
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with...
High
Unreviewed
CVE-2023-36921
was published
Jul 11, 2023
Controller DoS due to stack overflow when decoding a message from the server
High
Unreviewed
CVE-2023-24480
was published
Jul 13, 2023
ProTip!
Advisories are also available from the
GraphQL API