Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

314 advisories

Loading
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Moderate Unreviewed
CVE-2021-43961 was published Mar 19, 2022
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious... Moderate Unreviewed
CVE-2021-43441 was published Dec 21, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14... Moderate Unreviewed
CVE-2021-39910 was published Dec 14, 2021
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured... Moderate Unreviewed
CVE-2021-27493 was published Apr 3, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the... Moderate Unreviewed
CVE-2021-22055 was published Apr 12, 2022
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s... Moderate Unreviewed
CVE-2021-42117 was published Dec 1, 2021
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious... Moderate Unreviewed
CVE-2021-29416 was published May 24, 2022
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation... Moderate Unreviewed
CVE-2021-42663 was published May 24, 2022
Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. Moderate Unreviewed
CVE-2021-40658 was published Jun 15, 2022
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to... Moderate Unreviewed
CVE-2022-29269 was published Jun 30, 2022
Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not... Moderate Unreviewed
CVE-2017-0154 was published May 17, 2022
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A... Moderate Unreviewed
CVE-2021-20543 was published Jun 25, 2022
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed
CVE-2022-34306 was published Jul 9, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is... Moderate Unreviewed
CVE-2021-39028 was published Jul 15, 2022
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could... Moderate Unreviewed
CVE-2022-34160 was published Jul 9, 2022
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users... Moderate Unreviewed
CVE-2016-0881 was published May 17, 2022
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in... Moderate Unreviewed
CVE-2013-6501 was published May 17, 2022
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie... Moderate Unreviewed
CVE-2015-5841 was published May 17, 2022
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to... Moderate Unreviewed
CVE-2021-27611 was published May 24, 2022
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an... Moderate Unreviewed
CVE-2022-36302 was published Aug 2, 2022
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf... Moderate Unreviewed
CVE-2015-2704 was published May 17, 2022
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM... Moderate Unreviewed
CVE-2015-7466 was published May 17, 2022
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1... Moderate Unreviewed
CVE-2015-0169 was published May 17, 2022
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the... Moderate Unreviewed
CVE-2015-0931 was published May 17, 2022
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is... Moderate Unreviewed
CVE-2022-40958 was published Dec 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database