Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

467 advisories

Loading
Withdrawn Advisory: HTML injections in BTCPayServer High
CVE-2023-0493 was published for BTCPayServer.Client (NuGet) Jan 27, 2023 withdrawn
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1... High Unreviewed
CVE-2022-4092 was published Jan 26, 2023
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the... High Unreviewed
CVE-2023-24040 was published Jan 21, 2023
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is... High Unreviewed
CVE-2023-23749 was published Jan 17, 2023
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub... High Unreviewed
CVE-2023-0302 was published Jan 15, 2023
Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. High Unreviewed
CVE-2022-47083 was published Jan 10, 2023
Improper neutralization of special elements in output used by a downstream component ('Injection'... High Unreviewed
CVE-2022-43932 was published Jan 5, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel
A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the... High Unreviewed
CVE-2017-20161 was published Jan 2, 2023
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who... High Unreviewed
CVE-2022-46873 was published Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by... High Unreviewed
CVE-2022-43883 was published Dec 19, 2022
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via... High Unreviewed
CVE-2022-3724 was published Dec 9, 2022
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This... High Unreviewed
CVE-2022-4322 was published Dec 7, 2022
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some... High Unreviewed
CVE-2022-4300 was published Dec 6, 2022
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is... High Unreviewed
CVE-2022-4282 was published Dec 5, 2022
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and... High Unreviewed
CVE-2022-35507 was published Dec 4, 2022
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is... High Unreviewed
CVE-2022-3967 was published Nov 13, 2022
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on... High Unreviewed
CVE-2022-41716 was published Nov 2, 2022
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated... High Unreviewed
CVE-2022-39016 was published Nov 1, 2022
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all... High Unreviewed
CVE-2022-3060 was published Oct 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database