GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
227 advisories

Shell command injection in gitea
High | CVE-2022-30781 was published for code.gitea.io/gitea (Go) | May 17, 2022

Log value insertion in craftercms
Moderate | CVE-2021-23266 was published for org.craftercms:craftercms (Maven) | May 17, 2022

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,...
Critical | Unreviewed | CVE-2018-9246 was published May 14, 2022

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,...
Moderate | Unreviewed | CVE-2017-12340 was published May 13, 2022

The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior...
High | Unreviewed | CVE-2017-12064 was published May 13, 2022

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows...
Critical | Unreviewed | CVE-2017-8303 was published May 13, 2022

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1...
High | Unreviewed | CVE-2014-9938 was published May 13, 2022

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display...
Moderate | Unreviewed | CVE-2019-6109 was published May 13, 2022

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps...
Moderate | Unreviewed | CVE-2019-0857 was published May 13, 2022

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8...
High | Unreviewed | CVE-2018-8609 was published May 13, 2022

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ...
Moderate | Unreviewed | CVE-2018-2389 was published May 13, 2022

Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager ...
High | Unreviewed | CVE-2018-8920 was published May 13, 2022

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended...
High | Unreviewed | CVE-2013-4547 was published May 13, 2022

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a...
High | Unreviewed | CVE-2016-2568 was published May 13, 2022

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for...
Moderate | Unreviewed | CVE-2021-39027 was published May 7, 2022

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by...
High | Unreviewed | CVE-2021-29854 was published May 4, 2022

The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote...
Moderate | Unreviewed | CVE-2009-4267 was published May 2, 2022

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior...
High | Unreviewed | CVE-2022-0935 was published Apr 8, 2022

An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470....
High | Unreviewed | CVE-2021-42324 was published Apr 6, 2022

The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and...
Moderate | Unreviewed | CVE-2022-0450 was published Mar 29, 2022

Nicotine+ DoS on Null Character in Download Request
High | CVE-2021-45848 was published for nicotine-plus (pip) | Mar 16, 2022

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection...
Moderate | Unreviewed | CVE-2022-22344 was published Mar 15, 2022

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or...
Moderate | Unreviewed | CVE-2022-22734 was published Mar 15, 2022

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly...
High | Unreviewed | CVE-2022-22151 was published Mar 12, 2022

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as...
High | Unreviewed | CVE-2022-25235 was published Feb 17, 2022

ProTip! Advisories are also available from the GraphQL API