GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
446 advisories
Filter by severity
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection...
Moderate
Unreviewed
CVE-2021-36322
was published
Nov 21, 2021
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate
Unreviewed
CVE-2021-42117
was published
Dec 1, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14...
Moderate
Unreviewed
CVE-2021-39910
was published
Dec 14, 2021
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious...
Moderate
Unreviewed
CVE-2021-43441
was published
Dec 21, 2021
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
Moderate
Unreviewed
CVE-2021-4183
was published
Dec 31, 2021
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to...
Moderate
Unreviewed
CVE-2021-45818
was published
Dec 31, 2021
Improper neutralization of special elements in output used by a downstream component ('Injection'...
Moderate
Unreviewed
CVE-2021-43929
was published
Feb 8, 2022
A potential remote host header injection security vulnerability has been identified in HPE...
Moderate
Unreviewed
CVE-2022-23701
was published
Feb 25, 2022
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Moderate
Unreviewed
CVE-2021-43961
was published
Mar 19, 2022
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured...
Moderate
Unreviewed
CVE-2021-27493
was published
Apr 3, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the...
Moderate
Unreviewed
CVE-2021-22055
was published
Apr 12, 2022
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X...
Moderate
Unreviewed
CVE-2011-3624
was published
Apr 22, 2022
Opera before 7.54 allows remote attackers to modify properties and methods of the location object...
Moderate
Unreviewed
CVE-2004-2570
was published
Apr 29, 2022
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of...
Moderate
Unreviewed
CVE-2016-8720
was published
May 13, 2022
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files,...
Moderate
Unreviewed
CVE-2015-7309
was published
May 13, 2022
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If...
Moderate
Unreviewed
CVE-2018-1319
was published
May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response...
Moderate
Unreviewed
CVE-2018-1474
was published
May 13, 2022
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP...
Moderate
Unreviewed
CVE-2018-1549
was published
May 13, 2022
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2,...
Moderate
Unreviewed
CVE-2012-4196
was published
May 13, 2022
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and...
Moderate
Unreviewed
CVE-2011-2805
was published
May 13, 2022
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token...
Moderate
Unreviewed
CVE-2011-2855
was published
May 13, 2022
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name...
Moderate
Unreviewed
CVE-2017-5246
was published
May 13, 2022
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper...
Moderate
Unreviewed
CVE-2018-1943
was published
May 13, 2022
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that...
Moderate
Unreviewed
CVE-2018-1896
was published
May 13, 2022
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee...
Moderate
Unreviewed
CVE-2017-4028
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API