GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
634 advisories
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields...
Moderate | Unreviewed | CVE-2020-9372 was published May 24, 2022

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
Moderate | Unreviewed | CVE-2020-9466 was published May 24, 2022

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash....
Moderate | Unreviewed | CVE-2020-9428 was published May 24, 2022

LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Moderate | Unreviewed | CVE-2020-9017 was published May 24, 2022

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an...
Moderate | Unreviewed | CVE-2020-4161 was published May 24, 2022

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient...
Moderate | Unreviewed | CVE-2020-1811 was published May 24, 2022

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs...
Moderate | Unreviewed | CVE-2020-1790 was published May 24, 2022

SuiteCRM through 7.11.11 allows PHAR Deserialization.
Moderate | Unreviewed | CVE-2020-8801 was published May 24, 2022

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP...
Moderate | Unreviewed | CVE-2020-5821 was published May 24, 2022

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan...
Moderate | Unreviewed | CVE-2020-7045 was published May 24, 2022

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan...
Moderate | Unreviewed | CVE-2020-7044 was published May 24, 2022

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class...
Moderate | Unreviewed | CVE-2019-11045 was published May 24, 2022

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting....
Moderate | Unreviewed | CVE-2019-16254 was published May 24, 2022

ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
Moderate | Unreviewed | CVE-2019-18657 was published May 24, 2022

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through...
Moderate | Unreviewed | CVE-2019-18348 was published May 24, 2022

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM...
Moderate | Unreviewed | CVE-2019-11282 was published May 24, 2022

Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0...
Moderate | Unreviewed | CVE-2019-11275 was published May 24, 2022

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a...
Moderate | Unreviewed | CVE-2019-16532 was published May 24, 2022

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote...
Moderate | Unreviewed | CVE-2019-5977 was published May 24, 2022

cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
Moderate | Unreviewed | CVE-2017-18437 was published May 24, 2022

cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
Moderate | Unreviewed | CVE-2017-18389 was published May 24, 2022

cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
Moderate | Unreviewed | CVE-2018-20898 was published May 24, 2022

cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot...
Moderate | Unreviewed | CVE-2018-20885 was published May 24, 2022

Activity Stream can display content from sent from the Snippet Service website. This content is...
Moderate | Unreviewed | CVE-2019-11718 was published May 24, 2022

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka...
Moderate | Unreviewed | CVE-2016-10761 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API