GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,369
Composer 4,373
Erlang 33
GitHub Actions 22
Go 2,135
Maven 5,313
npm 3,797
NuGet 687
pip 3,478
Pub 12
RubyGems 896
Rust 897
Swift 38

Unreviewed advisories

All unreviewed 245,479

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

67 advisories

Filter by severity

Sort by

Least recently updated

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@'... Moderate Unreviewed

CVE-2023-31669 was published May 23, 2023

Sudo before 1.9.13 does not escape control characters in log messages. Moderate Unreviewed

CVE-2023-28486 was published Mar 16, 2023

Sudo before 1.9.13 does not escape control characters in sudoreplay output. Moderate Unreviewed

CVE-2023-28487 was published Mar 16, 2023

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the... Moderate Unreviewed

CVE-2023-0595 was published Feb 24, 2023

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection... Moderate Unreviewed

CVE-2022-45102 was published Feb 1, 2023

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability... Moderate Unreviewed

CVE-2015-10040 was published Jan 13, 2023

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through... Moderate Unreviewed

CVE-2021-38997 was published Dec 12, 2022

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation... Moderate Unreviewed

CVE-2022-0421 was published Nov 21, 2022

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP... Moderate Unreviewed

CVE-2022-34316 was published Nov 15, 2022

The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in... Moderate Unreviewed

CVE-2022-2241 was published Aug 2, 2022

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Moderate Unreviewed

CVE-2021-39367 was published May 24, 2022

Under very specific conditions a user could be impersonated using Gitlab shell. This... Moderate Unreviewed

CVE-2021-22254 was published May 24, 2022

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A... Moderate Unreviewed

CVE-2021-38751 was published May 24, 2022

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to... Moderate Unreviewed

CVE-2021-32067 was published May 24, 2022

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get... Moderate Unreviewed

CVE-2021-32072 was published May 24, 2022

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being... Moderate Unreviewed

CVE-2021-20333 was published May 24, 2022

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug... Moderate Unreviewed

CVE-2021-31806 was published May 24, 2022

Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows... Moderate Unreviewed

CVE-2020-29023 was published May 24, 2022

web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter... Moderate Unreviewed

CVE-2020-28954 was published May 24, 2022

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for... Moderate Unreviewed

CVE-2020-27604 was published May 24, 2022

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to... Moderate Unreviewed

CVE-2020-24972 was published May 24, 2022

In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe... Moderate Unreviewed

CVE-2019-15944 was published May 24, 2022

A vulnerability exists where the caret ("^") character is improperly escaped constructing some... Moderate Unreviewed

CVE-2019-11717 was published May 24, 2022

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows... Moderate Unreviewed

CVE-2019-3571 was published May 24, 2022

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,... Moderate Unreviewed

CVE-2017-12340 was published May 13, 2022

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

67 advisories