Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,142 advisories

Loading
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s... Moderate Unreviewed
CVE-2021-42117 was published Dec 1, 2021
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov High
CVE-2020-7596 was published for codecov (npm) May 24, 2022
mmcshinsky-bitgo
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch Critical
CVE-2022-36084 was published for cruddl (npm) Sep 16, 2022
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... High Unreviewed
CVE-2020-17496 was published May 24, 2022
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious... Moderate Unreviewed
CVE-2021-29416 was published May 24, 2022
http before 0.13.3 vulnerable to header injection Moderate
CVE-2020-35669 was published for http (Pub) May 24, 2022
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME... High Unreviewed
CVE-2020-5323 was published May 24, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to... High Unreviewed
CVE-2020-23148 was published May 24, 2022
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local... Critical Unreviewed
CVE-2022-32269 was published Jun 4, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
Server-Side Request Forgery in Jodd HTTP High
CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges... High Unreviewed
CVE-2020-18875 was published May 24, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14... High Unreviewed
CVE-2021-30653 was published May 24, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation... Moderate Unreviewed
CVE-2021-42663 was published May 24, 2022
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection... High Unreviewed
CVE-2020-23050 was published May 24, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... High Unreviewed
CVE-2022-43932 was published Jan 5, 2023
Go before 1.15.12 and 1.16.x before 1.16.5 allows injection. High Unreviewed
CVE-2021-33195 was published May 24, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness... Critical Unreviewed
CVE-2021-0268 was published May 24, 2022
It was discovered that the get_pid_info() function in data/apport did not properly parse the ... High Unreviewed
CVE-2021-25682 was published May 24, 2022
Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. Moderate Unreviewed
CVE-2021-40658 was published Jun 15, 2022
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to... Moderate Unreviewed
CVE-2022-29269 was published Jun 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database