Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,328
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

83 advisories

Loading
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Moderate
CVE-2022-3215 was published for github.com/apple/swift-nio (Swift) Jun 7, 2023
dellalibera
Abstrium Pydio Cells Resource Injection vulnerability Moderate
CVE-2023-2980 was published for github.com/pydio/cells/v4 (Go) May 30, 2023
vm2 vulnerable to Inspect Manipulation Moderate
CVE-2023-32313 was published for vm2 (npm) May 17, 2023
arkark
Apache StreamPark LDAP Injection vulnerability Moderate
CVE-2022-45801 was published for org.apache.streampark:streampark (Maven) May 1, 2023
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core (Maven) Nov 1, 2022
kurt-r2c
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie
Feehi CMS host header injection vulnerability Moderate
CVE-2022-38796 was published for feehi/cms (Composer) Sep 15, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
http before 0.13.3 vulnerable to header injection Moderate
CVE-2020-35669 was published for http (Pub) May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
component-flatten vulnerable to Prototype Pollution Moderate
CVE-2019-10794 was published for component-flatten (npm) May 24, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
Magento 2 Community Edition Injection Vulnerability Moderate
CVE-2019-7889 was published for magento/community-edition (Composer) May 24, 2022
Radicale regex metacharacters injection in the user name Moderate
CVE-2015-8748 was published for Radicale (pip) May 17, 2022
SilverStripe CSV Excel Macro Injection Moderate
CVE-2017-18049 was published for silverstripe/framework (Composer) May 14, 2022
Moodle Does Not Escape Characters In Email Headers Moderate
CVE-2016-5013 was published for moodle/moodle (Composer) May 13, 2022
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
richardfan0606
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database