Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,312
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

208 advisories

Loading
When copying a network request from the developer tools panel as a curl command the output was... Moderate Unreviewed
CVE-2023-23599 was published Jun 2, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially... Low Unreviewed
CVE-2023-32712 was published Jun 1, 2023
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that... Moderate Unreviewed
CVE-2023-1711 was published May 30, 2023
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@'... Moderate Unreviewed
CVE-2023-31669 was published May 23, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template Critical
CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) May 9, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to... High Unreviewed
CVE-2022-30351 was published Mar 30, 2023
Sudo before 1.9.13 does not escape control characters in log messages. Moderate Unreviewed
CVE-2023-28486 was published Mar 16, 2023
Sudo before 1.9.13 does not escape control characters in sudoreplay output. Moderate Unreviewed
CVE-2023-28487 was published Mar 16, 2023
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile Critical
CVE-2023-26472 was published for org.xwiki.platform:xwiki-platform-icon-ui (Maven) Mar 3, 2023
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the... Moderate Unreviewed
CVE-2023-0595 was published Feb 24, 2023
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection... Critical Unreviewed
CVE-2022-48339 was published Feb 21, 2023
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler... Critical Unreviewed
CVE-2022-25987 was published Feb 16, 2023
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection... Moderate Unreviewed
CVE-2022-45102 was published Feb 1, 2023
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability... Moderate Unreviewed
CVE-2015-10040 was published Jan 13, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an... Critical Unreviewed
CVE-2015-10011 was published Jan 3, 2023
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines High
CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through... Moderate Unreviewed
CVE-2021-38997 was published Dec 12, 2022
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header... High Unreviewed
CVE-2022-40870 was published Nov 23, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui Critical
CVE-2022-41934 was published for org.xwiki.platform:xwiki-platform-menu-ui (Maven) Nov 21, 2022
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation... Moderate Unreviewed
CVE-2022-0421 was published Nov 21, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue... Critical Unreviewed
CVE-2022-4011 was published Nov 16, 2022
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP... Moderate Unreviewed
CVE-2022-34316 was published Nov 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database