Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

219 advisories

Loading
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display... Moderate Unreviewed
CVE-2019-6109 was published May 13, 2022
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps... Moderate Unreviewed
CVE-2019-0857 was published May 13, 2022
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8... High Unreviewed
CVE-2018-8609 was published May 13, 2022
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ... Moderate Unreviewed
CVE-2018-2389 was published May 13, 2022
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager ... High Unreviewed
CVE-2018-8920 was published May 13, 2022
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended... High Unreviewed
CVE-2013-4547 was published May 13, 2022
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a... High Unreviewed
CVE-2016-2568 was published May 13, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for... Moderate Unreviewed
CVE-2021-39027 was published May 7, 2022
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by... High Unreviewed
CVE-2021-29854 was published May 4, 2022
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote... Moderate Unreviewed
CVE-2009-4267 was published May 2, 2022
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior... High Unreviewed
CVE-2022-0935 was published Apr 8, 2022
An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470.... High Unreviewed
CVE-2021-42324 was published Apr 6, 2022
The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and... Moderate Unreviewed
CVE-2022-0450 was published Mar 29, 2022
Nicotine+ DoS on Null Character in Download Request High
CVE-2021-45848 was published for nicotine-plus (pip) Mar 16, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection... Moderate Unreviewed
CVE-2022-22344 was published Mar 15, 2022
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed
CVE-2022-22734 was published Mar 15, 2022
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly... High Unreviewed
CVE-2022-22151 was published Mar 12, 2022
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as... High Unreviewed
CVE-2022-25235 was published Feb 17, 2022
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface... Moderate Unreviewed
CVE-2021-43106 was published Feb 15, 2022
Improper escaping in XWiki Platform High
CVE-2020-13654 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible Moderate
CVE-2020-14330 was published for ansible (pip) Feb 9, 2022
Path traversal in xwiki-platform-skin-skinx Moderate
CVE-2022-23620 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Feb 9, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,... Moderate Unreviewed
CVE-2022-0220 was published Feb 2, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My... Critical Unreviewed
CVE-2022-22992 was published Jan 29, 2022
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user... Moderate Unreviewed
CVE-2021-45226 was published Jan 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database