GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone,...
High, Unreviewed. CVE-2018-7032 was published May 13, 2022

Insecure Inherited Permissions in neoan3-apps/template
High. CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue...
High, Unreviewed. CVE-2018-4106 was published May 13, 2022

HTTP header injection in Sonatype Nexus Repository
High. CVE-2021-40143 was published for org.sonatype.nexus:nexus-repository (Maven) Sep 8, 2021

There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this...
High, Unreviewed. CVE-2021-37033 was published Nov 24, 2021

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A...
High, Unreviewed. CVE-2021-36313 was published Nov 24, 2021

An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
High. CVE-2020-35213 was published for io.atomix:atomix (Maven) Dec 17, 2021

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub...
High, Unreviewed. CVE-2023-0302 was published Jan 15, 2023

gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by...
High, Unreviewed. CVE-2017-17531 was published May 13, 2022

JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
High, Unreviewed. CVE-2021-37262 was published Dec 17, 2021

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host...
High, Unreviewed. CVE-2021-43437 was published Dec 21, 2021

uiutil.c in FontForge through 20170731 does not validate strings before launching the program...
High, Unreviewed. CVE-2017-17521 was published May 13, 2022

** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate...
High, Unreviewed. CVE-2017-17518 was published May 13, 2022

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary ...
High, Unreviewed. CVE-2015-4075 was published May 13, 2022

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks,...
High, Unreviewed. CVE-2018-9062 was published May 13, 2022

LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper...
High, Unreviewed. CVE-2018-18992 was published May 13, 2022

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An ...
High, Unreviewed. CVE-2017-6031 was published May 13, 2022

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk...
High, Unreviewed. CVE-2017-6015 was published May 13, 2022

An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort...
High, Unreviewed. CVE-2017-16719 was published May 13, 2022

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7...
High, Unreviewed. CVE-2015-1592 was published May 13, 2022

A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the...
High, Unreviewed. CVE-2017-20161 was published Jan 2, 2023

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products ...
High, Unreviewed. CVE-2017-3547 was published May 13, 2022

ntopng before 3.0 allows HTTP Response Splitting.
High, Unreviewed. CVE-2017-7459 was published May 13, 2022

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an...
High, Unreviewed. CVE-2017-6748 was published May 13, 2022