Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
Control character injection in console output in github.com/ipfs/go-ipfs Moderate
CVE-2020-26283 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection... Moderate Unreviewed
CVE-2022-22344 was published Mar 15, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API Moderate
CVE-2022-32549 was published for org.apache.sling:org.apache.sling.api (Maven) Jun 23, 2022
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to... Moderate Unreviewed
CVE-2020-24972 was published May 24, 2022
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP... Moderate Unreviewed
CVE-2022-34316 was published Nov 15, 2022
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display... Moderate Unreviewed
CVE-2019-6109 was published May 13, 2022
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for... Moderate Unreviewed
CVE-2020-27604 was published May 24, 2022
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through... Moderate Unreviewed
CVE-2021-38997 was published Dec 12, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter... Moderate Unreviewed
CVE-2020-28954 was published May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows... Moderate Unreviewed
CVE-2020-29023 was published May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get... Moderate Unreviewed
CVE-2021-32072 was published May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A... Moderate Unreviewed
CVE-2021-38751 was published May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to... Moderate Unreviewed
CVE-2021-32067 was published May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This... Moderate Unreviewed
CVE-2021-22254 was published May 24, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Moderate Unreviewed
CVE-2021-39367 was published May 24, 2022
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability... Moderate Unreviewed
CVE-2015-10040 was published Jan 13, 2023
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote... Moderate Unreviewed
CVE-2009-4267 was published May 2, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for... Moderate Unreviewed
CVE-2021-39027 was published May 7, 2022
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ... Moderate Unreviewed
CVE-2018-2389 was published May 13, 2022
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps... Moderate Unreviewed
CVE-2019-0857 was published May 13, 2022
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI... Moderate Unreviewed
CVE-2021-20844 was published Nov 25, 2021
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log... Moderate Unreviewed
CVE-2021-43410 was published Dec 10, 2021
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is... Moderate Unreviewed
CVE-2021-40007 was published Dec 14, 2021
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,... Moderate Unreviewed
CVE-2017-12340 was published May 13, 2022
Log value insertion in craftercms Moderate
CVE-2021-23266 was published for org.craftercms:craftercms (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database