Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can... High Unreviewed
CVE-2020-35475 was published May 24, 2022
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private... High Unreviewed
CVE-2020-25646 was published May 24, 2022
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly... High Unreviewed
CVE-2020-24849 was published May 24, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter... Moderate Unreviewed
CVE-2020-28954 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized... High Unreviewed
CVE-2021-20405 was published May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows... Moderate Unreviewed
CVE-2020-29023 was published May 24, 2022
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header... High Unreviewed
CVE-2022-40870 was published Nov 23, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator... High Unreviewed
CVE-2021-23205 was published May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote... High Unreviewed
CVE-2020-4850 was published May 24, 2022
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. Critical Unreviewed
CVE-2022-36446 was published Jul 26, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get... Moderate Unreviewed
CVE-2021-32072 was published May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to... Moderate Unreviewed
CVE-2021-32067 was published May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A... Moderate Unreviewed
CVE-2021-38751 was published May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This... Moderate Unreviewed
CVE-2021-22254 was published May 24, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Moderate Unreviewed
CVE-2021-39367 was published May 24, 2022
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an... Critical Unreviewed
CVE-2021-33672 was published May 24, 2022
keycloak Self Stored Cross-site Scripting vulnerability Critical
CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability... Moderate Unreviewed
CVE-2015-10040 was published Jan 13, 2023
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote... Moderate Unreviewed
CVE-2009-4267 was published May 2, 2022
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by... High Unreviewed
CVE-2021-29854 was published May 4, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for... Moderate Unreviewed
CVE-2021-39027 was published May 7, 2022
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a... High Unreviewed
CVE-2016-2568 was published May 13, 2022
Improper Encoding or Escaping of Output and Injection in LibreNMS High
CVE-2019-12463 was published for librenms/librenms (Composer) Oct 11, 2019
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended... High Unreviewed
CVE-2013-4547 was published May 13, 2022
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager ... High Unreviewed
CVE-2018-8920 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database