GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
77 advisories
Improper Encoding or Escaping of Output and Injection in LibreNMS
High | CVE-2019-12463 was published for librenms/librenms (Composer) | Oct 11, 2019
Insufficient output escaping of attachment names in PHPMailer
High | CVE-2020-13625 was published for phpmailer/phpmailer (Composer) | May 27, 2020
Secret disclosure when containing characters that become URI encoded
High | CVE-2020-26226 was published for semantic-release (npm) | Nov 18, 2020
Improper Encoding or Escaping of Output in Asset Metadata Component
High | CVE-2021-39170 was published for pimcore/pimcore (Composer) | Sep 1, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
High | CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) | Nov 8, 2021
Improper escaping in XWiki Platform
High | CVE-2020-13654 was published for org.xwiki.platform:xwiki-platform-web (Maven) | Feb 9, 2022
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as...
High | Unreviewed | CVE-2022-25235 was published | Feb 17, 2022
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly...
High | Unreviewed | CVE-2022-22151 was published | Mar 12, 2022
Nicotine+ DoS on Null Character in Download Request
High | CVE-2021-45848 was published for nicotine-plus (pip) | Mar 16, 2022
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470....
High | Unreviewed | CVE-2021-42324 was published | Apr 6, 2022
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior...
High | Unreviewed | CVE-2022-0935 was published | Apr 8, 2022
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by...
High | Unreviewed | CVE-2021-29854 was published | May 4, 2022
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a...
High | Unreviewed | CVE-2016-2568 was published | May 13, 2022
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended...
High | Unreviewed | CVE-2013-4547 was published | May 13, 2022
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager ...
High | Unreviewed | CVE-2018-8920 was published | May 13, 2022
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8...
High | Unreviewed | CVE-2018-8609 was published | May 13, 2022
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1...
High | Unreviewed | CVE-2014-9938 was published | May 13, 2022
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior...
High | Unreviewed | CVE-2017-12064 was published | May 13, 2022
Shell command injection in gitea
High | CVE-2022-30781 was published for code.gitea.io/gitea (Go) | May 17, 2022
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special...
High | Unreviewed | CVE-2016-3063 was published | May 17, 2022
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary...
High | Unreviewed | CVE-2018-16386 was published | May 24, 2022
LibreOffice documents can contain macros. The execution of those macros is controlled by the...
High | Unreviewed | CVE-2019-9853 was published | May 24, 2022
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)...
High | Unreviewed | CVE-2019-12675 was published | May 24, 2022
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)...
High | Unreviewed | CVE-2019-12674 was published | May 24, 2022