GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603,...
Moderate
Unreviewed
CVE-2023-36924
was published
Jul 11, 2023
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to...
High
Unreviewed
CVE-2023-36925
was published
Jul 11, 2023
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an...
Moderate
Unreviewed
CVE-2023-31405
was published
Jul 11, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially...
Low
Unreviewed
CVE-2023-32712
was published
Jun 1, 2023
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that...
Moderate
Unreviewed
CVE-2023-1711
was published
May 30, 2023
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the...
Moderate
Unreviewed
CVE-2023-0595
was published
Feb 24, 2023
Shopware's log module vulnerable to Improper Output Neutralization
Low
CVE-2023-22733
was published
for
shopware/core
(Composer)
Jan 20, 2023
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an...
Critical
Unreviewed
CVE-2015-10011
was published
Jan 3, 2023
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
High
CVE-2020-36567
was published
for
github.com/gin-gonic/gin
(Go)
Dec 27, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue...
Critical
Unreviewed
CVE-2022-4011
was published
Nov 16, 2022
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable...
Moderate
Unreviewed
CVE-2022-1522
was published
Sep 7, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API
Moderate
CVE-2022-32549
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
Jun 23, 2022
Improper Output Neutralization for Logs in Spring Framework
Moderate
CVE-2021-22096
was published
for
org.springframework:spring
(Maven)
May 24, 2022
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being...
Moderate
Unreviewed
CVE-2021-20333
was published
May 24, 2022
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the...
Moderate
Unreviewed
CVE-2019-14854
was published
May 24, 2022
Ansible Uses Plugins That Disclose Credentials
High
CVE-2019-14846
was published
for
ansible
(pip)
May 24, 2022
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when...
Moderate
Unreviewed
CVE-2018-10932
was published
May 13, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Moderate
CVE-2020-14332
was published
for
ansible
(pip)
Feb 9, 2022
Sensitive Data Exposure in Openshift Container Platform
Moderate
Unreviewed
CVE-2019-10213
was published
May 17, 2021
Log Forging in generator-jhipster-kotlin
Moderate
CVE-2020-4072
was published
for
generator-jhipster-kotlin
(npm)
Jun 25, 2020
ProTip!
Advisories are also available from the
GraphQL API