GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
208 advisories
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ...
Moderate | Unreviewed | CVE-2018-2389 was published May 13, 2022

Improper Encoding or Escaping of Output in Asset Metadata Component
High | CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8...
High | Unreviewed | CVE-2018-8609 was published May 13, 2022

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps...
Moderate | Unreviewed | CVE-2019-0857 was published May 13, 2022

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI...
Moderate | Unreviewed | CVE-2021-20844 was published Nov 25, 2021

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log...
Moderate | Unreviewed | CVE-2021-43410 was published Dec 10, 2021

There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is...
Moderate | Unreviewed | CVE-2021-40007 was published Dec 14, 2021

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1...
High | Unreviewed | CVE-2014-9938 was published May 13, 2022

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows...
Critical | Unreviewed | CVE-2017-8303 was published May 13, 2022

The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior...
High | Unreviewed | CVE-2017-12064 was published May 13, 2022

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,...
Moderate | Unreviewed | CVE-2017-12340 was published May 13, 2022

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can...
High | Unreviewed | CVE-2022-41322 was published Sep 25, 2022

A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an...
Critical | Unreviewed | CVE-2015-10011 was published Jan 3, 2023

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,...
Critical | Unreviewed | CVE-2018-9246 was published May 14, 2022

Log value insertion in craftercms
Moderate | CVE-2021-23266 was published for org.craftercms:craftercms (Maven) May 17, 2022

Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
High | CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special...
High | Unreviewed | CVE-2016-3063 was published May 17, 2022

Authentication Bypass by Alternate Name in Apache Tomcat
Moderate | CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is...
Moderate | Unreviewed | CVE-2021-29872 was published Jan 19, 2022

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface...
Moderate | Unreviewed | CVE-2021-43106 was published Feb 15, 2022

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection...
Moderate | Unreviewed | CVE-2022-45102 was published Feb 1, 2023

A vulnerability exists where the caret ("^") character is improperly escaped constructing some...
Moderate | Unreviewed | CVE-2019-11717 was published May 24, 2022

XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Critical | CVE-2023-26472 was published for org.xwiki.platform:xwiki-platform-icon-ui (Maven) Mar 3, 2023

Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler...
Critical | Unreviewed | CVE-2022-25987 was published Feb 16, 2023

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to...
High | Unreviewed | CVE-2022-30351 was published Mar 30, 2023