Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

634 advisories

Loading
Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit... Moderate Unreviewed
CVE-2019-7351 was published May 14, 2022
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated... Moderate Unreviewed
CVE-2015-3013 was published May 14, 2022
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. Moderate Unreviewed
CVE-2018-16627 was published May 14, 2022
An injection issue was addressed with improved validation. This issue affected versions prior to... Moderate Unreviewed
CVE-2018-4153 was published May 14, 2022
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject... Moderate Unreviewed
CVE-2015-5462 was published May 14, 2022
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com... Moderate Unreviewed
CVE-2017-8458 was published May 13, 2022
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM)... Moderate Unreviewed
CVE-2017-16766 was published May 13, 2022
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject... Moderate Unreviewed
CVE-2017-1115 was published May 13, 2022
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A... Moderate Unreviewed
CVE-2017-1202 was published May 13, 2022
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee... Moderate Unreviewed
CVE-2017-4028 was published May 13, 2022
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that... Moderate Unreviewed
CVE-2018-1896 was published May 13, 2022
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper... Moderate Unreviewed
CVE-2018-1943 was published May 13, 2022
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name... Moderate Unreviewed
CVE-2017-5246 was published May 13, 2022
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token... Moderate Unreviewed
CVE-2011-2855 was published May 13, 2022
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and... Moderate Unreviewed
CVE-2011-2805 was published May 13, 2022
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2,... Moderate Unreviewed
CVE-2012-4196 was published May 13, 2022
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP... Moderate Unreviewed
CVE-2018-1549 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response... Moderate Unreviewed
CVE-2018-1474 was published May 13, 2022
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If... Moderate Unreviewed
CVE-2018-1319 was published May 13, 2022
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files,... Moderate Unreviewed
CVE-2015-7309 was published May 13, 2022
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of... Moderate Unreviewed
CVE-2016-8720 was published May 13, 2022
Opera before 7.54 allows remote attackers to modify properties and methods of the location object... Moderate Unreviewed
CVE-2004-2570 was published Apr 29, 2022
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X... Moderate Unreviewed
CVE-2011-3624 was published Apr 22, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the... Moderate Unreviewed
CVE-2021-22055 was published Apr 12, 2022
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured... Moderate Unreviewed
CVE-2021-27493 was published Apr 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database