GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
79 advisories
Filter by severity
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability...
High
Unreviewed
CVE-2022-36392
was published
Aug 11, 2023
PrestaShop XSS injection through Validate::isCleanHTML method
High
CVE-2023-39527
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability...
High
Unreviewed
CVE-2023-3997
was published
Jul 31, 2023
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was...
High
Unreviewed
CVE-2022-43713
was published
Jul 26, 2023
Controller DoS due to stack overflow when decoding a message from the server
High
Unreviewed
CVE-2023-24480
was published
Jul 13, 2023
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with...
High
Unreviewed
CVE-2023-36921
was published
Jul 11, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output
High
CVE-2023-3552
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to...
High
Unreviewed
CVE-2022-30351
was published
Mar 30, 2023
Keycloak Cross-site Scripting on OpenID connect login service
High
CVE-2022-4137
was published
for
org.keycloak:keycloak-parent
(Maven)
Mar 1, 2023
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
High
CVE-2020-36567
was published
for
github.com/gin-gonic/gin
(Go)
Dec 27, 2022
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header...
High
Unreviewed
CVE-2022-40870
was published
Nov 23, 2022
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can...
High
Unreviewed
CVE-2022-41322
was published
Sep 25, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can...
High
Unreviewed
CVE-2022-39957
was published
Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially...
High
Unreviewed
CVE-2022-39958
was published
Sep 21, 2022
ansible-runner vulnerable to shell command injection
High
CVE-2021-4041
was published
for
ansible-runner
(pip)
Aug 25, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
High
Unreviewed
CVE-2022-28374
was published
Jul 15, 2022
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the...
High
Unreviewed
CVE-2022-23079
was published
Jun 23, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High
CVE-2022-29258
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Jun 1, 2022
Cross-site Scripting in wiki manager join wiki page
High
CVE-2022-29252
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
May 25, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Improper Encoding or Escaping of Output in Apache Superset
High
CVE-2021-42250
was published
for
apache-superset
(pip)
May 24, 2022
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator...
High
Unreviewed
CVE-2021-23205
was published
May 24, 2022
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote...
High
Unreviewed
CVE-2020-4850
was published
May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized...
High
Unreviewed
CVE-2021-20405
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API