GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
dojox vulnerable to unescaped string injection
Critical
CVE-2018-15494
was published
for
dojox
(npm)
Oct 15, 2018
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 8, 2021
Inconsistent input sanitisation leads to XSS vectors
Critical
CVE-2021-41132
was published
for
omero-figure
(pip)
Oct 14, 2021
A command injection remote code execution vulnerability was discovered on Western Digital My...
Critical
Unreviewed
CVE-2022-22992
was published
Jan 29, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows...
Critical
Unreviewed
CVE-2017-8303
was published
May 13, 2022
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,...
Critical
Unreviewed
CVE-2018-9246
was published
May 14, 2022
Command injection in Apache Maven maven-shared-utils
Critical
CVE-2022-29599
was published
for
org.apache.maven.shared:maven-shared-utils
(Maven)
May 24, 2022
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc...
Critical
Unreviewed
CVE-2021-28940
was published
May 24, 2022
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an...
Critical
Unreviewed
CVE-2021-33672
was published
May 24, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ...
Critical
Unreviewed
CVE-2022-34820
was published
Jul 13, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled...
Critical
Unreviewed
CVE-2022-28375
was published
Jul 15, 2022
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
Critical
Unreviewed
CVE-2022-36446
was published
Jul 26, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Critical
CVE-2020-36599
was published
for
omniauth
(RubyGems)
Aug 19, 2022
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Critical
CVE-2022-36100
was published
for
org.xwiki.platform.applications:xwiki-application-tag
(Maven)
Sep 16, 2022
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
Critical
CVE-2022-36099
was published
for
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
(Maven)
Sep 16, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP...
Critical
Unreviewed
CVE-2022-39956
was published
Sep 21, 2022
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component ...
Critical
Unreviewed
CVE-2022-41443
was published
Oct 4, 2022
Heron allows CRLF log injection
Critical
CVE-2021-42010
was published
for
org.apache.heron:heron-api
(Maven)
Oct 24, 2022
A vulnerability has been found in Activity Log Plugin and classified as critical. This...
Critical
Unreviewed
CVE-2022-3941
was published
Nov 11, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue...
Critical
Unreviewed
CVE-2022-4011
was published
Nov 16, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Critical
CVE-2022-41934
was published
for
org.xwiki.platform:xwiki-platform-menu-ui
(Maven)
Nov 21, 2022
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an...
Critical
Unreviewed
CVE-2015-10011
was published
Jan 3, 2023
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler...
Critical
Unreviewed
CVE-2022-25987
was published
Feb 16, 2023
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection...
Critical
Unreviewed
CVE-2022-48339
was published
Feb 21, 2023
ProTip!
Advisories are also available from the
GraphQL API