Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

469 advisories

Loading
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Remote code execution in xwiki-platform High
CVE-2022-23616 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 9, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1 High
CVE-2022-33011 was published for idno/known (Composer) Jul 9, 2022
Go before 1.15.12 and 1.16.x before 1.16.5 allows injection. High Unreviewed
CVE-2021-33195 was published May 24, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Server-Side Request Forgery in Jodd HTTP High
CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. High Unreviewed
CVE-2020-8644 was published May 24, 2022
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
ProTip! Advisories are also available from the GraphQL API