GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
469 advisories
Filter by severity
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code...
High
Unreviewed
CVE-2022-31593
was published
Jul 13, 2022
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of...
High
Unreviewed
CVE-2017-2140
was published
May 17, 2022
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2...
High
Unreviewed
CVE-2017-9133
was published
May 17, 2022
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary...
High
Unreviewed
CVE-2021-36668
was published
Jul 13, 2022
Code injection in concrete CMS
High
CVE-2022-21829
was published
for
concrete5/core
(Composer)
Jun 25, 2022
Remote code execution in xwiki-platform
High
CVE-2022-23616
was published
for
org.xwiki.platform:xwiki-platform-administration-ui
(Maven)
Feb 9, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1
High
CVE-2022-33011
was published
for
idno/known
(Composer)
Jul 9, 2022
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for...
High
Unreviewed
CVE-2021-36913
was published
Oct 11, 2022
It was discovered that the get_pid_info() function in data/apport did not properly parse the ...
High
Unreviewed
CVE-2021-25682
was published
May 24, 2022
Go before 1.15.12 and 1.16.x before 1.16.5 allows injection.
High
Unreviewed
CVE-2021-33195
was published
May 24, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'...
High
Unreviewed
CVE-2022-43932
was published
Jan 5, 2023
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection...
High
Unreviewed
CVE-2020-23050
was published
May 24, 2022
Code injection via SVG file in convert-svg-core
High
CVE-2022-24429
was published
for
convert-svg-core
(npm)
Jun 11, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14...
High
Unreviewed
CVE-2021-30653
was published
May 24, 2022
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges...
High
Unreviewed
CVE-2020-18875
was published
May 24, 2022
Server-Side Request Forgery in Jodd HTTP
High
CVE-2022-29631
was published
for
org.jodd:jodd-http
(Maven)
Jun 7, 2022
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to...
High
Unreviewed
CVE-2020-23148
was published
May 24, 2022
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME...
High
Unreviewed
CVE-2020-5323
was published
May 24, 2022
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an...
High
Unreviewed
CVE-2020-17496
was published
May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
High
CVE-2020-7596
was published
for
codecov
(npm)
May 24, 2022
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
High
Unreviewed
CVE-2020-8644
was published
May 24, 2022
Command injection in czproject/git-php
High
CVE-2022-25866
was published
for
czproject/git-php
(Composer)
Apr 26, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API