Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote... Moderate Unreviewed
CVE-2009-4267 was published May 2, 2022
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior... High Unreviewed
CVE-2022-0935 was published Apr 8, 2022
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470.... High Unreviewed
CVE-2021-42324 was published Apr 6, 2022
The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and... Moderate Unreviewed
CVE-2022-0450 was published Mar 29, 2022
Nicotine+ DoS on Null Character in Download Request High
CVE-2021-45848 was published for nicotine-plus (pip) Mar 16, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection... Moderate Unreviewed
CVE-2022-22344 was published Mar 15, 2022
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed
CVE-2022-22734 was published Mar 15, 2022
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly... High Unreviewed
CVE-2022-22151 was published Mar 12, 2022
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as... High Unreviewed
CVE-2022-25235 was published Feb 17, 2022
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface... Moderate Unreviewed
CVE-2021-43106 was published Feb 15, 2022
Improper escaping in XWiki Platform High
CVE-2020-13654 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible Moderate
CVE-2020-14330 was published for ansible (pip) Feb 9, 2022
Path traversal in xwiki-platform-skin-skinx Moderate
CVE-2022-23620 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Feb 9, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,... Moderate Unreviewed
CVE-2022-0220 was published Feb 2, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My... Critical Unreviewed
CVE-2022-22992 was published Jan 29, 2022
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user... Moderate Unreviewed
CVE-2021-45226 was published Jan 25, 2022
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is... Moderate Unreviewed
CVE-2021-29872 was published Jan 19, 2022
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2022-0210 was published Jan 19, 2022
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is... Moderate Unreviewed
CVE-2021-40007 was published Dec 14, 2021
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log... Moderate Unreviewed
CVE-2021-43410 was published Dec 10, 2021
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI... Moderate Unreviewed
CVE-2021-20844 was published Nov 25, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
Inconsistent input sanitisation leads to XSS vectors Critical
CVE-2021-41132 was published for omero-figure (pip) Oct 14, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component High
CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database