GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,552

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

316 advisories

Filter by severity

Sort by

Least recently updated

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection... Moderate Unreviewed

CVE-2021-36322 was published Nov 21, 2021

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s... Moderate Unreviewed

CVE-2021-42117 was published Dec 1, 2021

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14... Moderate Unreviewed

CVE-2021-39910 was published Dec 14, 2021

An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious... Moderate Unreviewed

CVE-2021-43441 was published Dec 21, 2021

Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file Moderate Unreviewed

CVE-2021-4183 was published Dec 31, 2021

SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to... Moderate Unreviewed

CVE-2021-45818 was published Dec 31, 2021

Improper neutralization of special elements in output used by a downstream component ('Injection'... Moderate Unreviewed

CVE-2021-43929 was published Feb 8, 2022

A potential remote host header injection security vulnerability has been identified in HPE... Moderate Unreviewed

CVE-2022-23701 was published Feb 25, 2022

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Moderate Unreviewed

CVE-2021-43961 was published Mar 19, 2022

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured... Moderate Unreviewed

CVE-2021-27493 was published Apr 3, 2022

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the... Moderate Unreviewed

CVE-2021-22055 was published Apr 12, 2022

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X... Moderate Unreviewed

CVE-2011-3624 was published Apr 22, 2022

Opera before 7.54 allows remote attackers to modify properties and methods of the location object... Moderate Unreviewed

CVE-2004-2570 was published Apr 29, 2022

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of... Moderate Unreviewed

CVE-2016-8720 was published May 13, 2022

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files,... Moderate Unreviewed

CVE-2015-7309 was published May 13, 2022

In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If... Moderate Unreviewed

CVE-2018-1319 was published May 13, 2022

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response... Moderate Unreviewed

CVE-2018-1474 was published May 13, 2022

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP... Moderate Unreviewed

CVE-2018-1549 was published May 13, 2022

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2,... Moderate Unreviewed

CVE-2012-4196 was published May 13, 2022

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and... Moderate Unreviewed

CVE-2011-2805 was published May 13, 2022

Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token... Moderate Unreviewed

CVE-2011-2855 was published May 13, 2022

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name... Moderate Unreviewed

CVE-2017-5246 was published May 13, 2022

IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper... Moderate Unreviewed

CVE-2018-1943 was published May 13, 2022

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that... Moderate Unreviewed

CVE-2018-1896 was published May 13, 2022

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee... Moderate Unreviewed

CVE-2017-4028 was published May 13, 2022

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

316 advisories