GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
446 advisories
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could...
Moderate | Unreviewed | CVE-2022-34160 was published Jul 9, 2022

Improper Input Validation and Injection in Apache Log4j2
Moderate | CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users...
Moderate | Unreviewed | CVE-2016-0881 was published May 17, 2022

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in...
Moderate | Unreviewed | CVE-2013-6501 was published May 17, 2022

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie...
Moderate | Unreviewed | CVE-2015-5841 was published May 17, 2022

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to...
Moderate | Unreviewed | CVE-2021-27611 was published May 24, 2022

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an...
Moderate | Unreviewed | CVE-2022-36302 was published Aug 2, 2022

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf...
Moderate | Unreviewed | CVE-2015-2704 was published May 17, 2022

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM...
Moderate | Unreviewed | CVE-2015-7466 was published May 17, 2022

IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1...
Moderate | Unreviewed | CVE-2015-0169 was published May 17, 2022

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the...
Moderate | Unreviewed | CVE-2015-0931 was published May 17, 2022

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is...
Moderate | Unreviewed | CVE-2022-40958 was published Dec 22, 2022

ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Moderate | CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022

A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of...
Moderate | Unreviewed | CVE-2014-5084 was published May 17, 2022

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM...
Moderate | Unreviewed | CVE-2019-11282 was published May 24, 2022

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection...
Moderate | Unreviewed | CVE-2021-36322 was published Nov 21, 2021

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class...
Moderate | Unreviewed | CVE-2019-11045 was published May 24, 2022

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan...
Moderate | Unreviewed | CVE-2020-7045 was published May 24, 2022

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan...
Moderate | Unreviewed | CVE-2020-7044 was published May 24, 2022

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP...
Moderate | Unreviewed | CVE-2020-5821 was published May 24, 2022

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs...
Moderate | Unreviewed | CVE-2020-1790 was published May 24, 2022

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an...
Moderate | Unreviewed | CVE-2020-4161 was published May 24, 2022

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient...
Moderate | Unreviewed | CVE-2020-1811 was published May 24, 2022

SuiteCRM through 7.11.11 allows PHAR Deserialization.
Moderate | Unreviewed | CVE-2020-8801 was published May 24, 2022

LiteCart through 2.2.1 allows CSV injection via a customer's profile.
Moderate | Unreviewed | CVE-2020-9017 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API