Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

318 advisories

Loading
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop... High Unreviewed
CVE-2021-44537 was published Jan 16, 2022
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction... High Unreviewed
CVE-2021-43097 was published Mar 30, 2022
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders... High Unreviewed
CVE-2022-28345 was published Apr 16, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy... High Unreviewed
CVE-2021-43269 was published Jan 21, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject... High Unreviewed
CVE-2022-27924 was published Apr 22, 2022
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. High Unreviewed
CVE-2020-8644 was published May 24, 2022
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... High Unreviewed
CVE-2020-17496 was published May 24, 2022
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME... High Unreviewed
CVE-2020-5323 was published May 24, 2022
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to... High Unreviewed
CVE-2020-23148 was published May 24, 2022
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges... High Unreviewed
CVE-2020-18875 was published May 24, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14... High Unreviewed
CVE-2021-30653 was published May 24, 2022
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection... High Unreviewed
CVE-2020-23050 was published May 24, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... High Unreviewed
CVE-2022-43932 was published Jan 5, 2023
Go before 1.15.12 and 1.16.x before 1.16.5 allows injection. High Unreviewed
CVE-2021-33195 was published May 24, 2022
It was discovered that the get_pid_info() function in data/apport did not properly parse the ... High Unreviewed
CVE-2021-25682 was published May 24, 2022
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for... High Unreviewed
CVE-2021-36913 was published Oct 11, 2022
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary... High Unreviewed
CVE-2021-36668 was published Jul 13, 2022
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2... High Unreviewed
CVE-2017-9133 was published May 17, 2022
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of... High Unreviewed
CVE-2017-2140 was published May 17, 2022
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code... High Unreviewed
CVE-2022-31593 was published Jul 13, 2022
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2... High Unreviewed
CVE-2017-9135 was published May 17, 2022
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify... High Unreviewed
CVE-2015-8258 was published May 17, 2022
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. High Unreviewed
CVE-2022-26654 was published Jul 18, 2022
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL... High Unreviewed
CVE-2017-5585 was published May 17, 2022
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a... High Unreviewed
CVE-2015-3200 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database