GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0...
Low
Unreviewed
CVE-2015-0116
was published
May 17, 2022
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2...
Low
Unreviewed
CVE-2017-18860
was published
May 24, 2022
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
Low
Unreviewed
CVE-2020-13480
was published
May 24, 2022
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private...
Low
Unreviewed
CVE-2020-15011
was published
May 24, 2022
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a...
Low
Unreviewed
CVE-2020-1443
was published
May 24, 2022
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can...
Low
Unreviewed
CVE-2020-14965
was published
May 24, 2022
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the...
Low
Unreviewed
CVE-2020-25048
was published
May 24, 2022
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains...
Low
Unreviewed
CVE-2020-16230
was published
May 24, 2022
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and...
Low
Unreviewed
CVE-2008-0456
was published
May 1, 2022
Unsanitized input leading to code injection in Dalli
Low
CVE-2022-4064
was published
for
dalli
(RubyGems)
Nov 19, 2022
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with...
Low
Unreviewed
CVE-2005-3007
was published
May 1, 2022
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
Low
Unreviewed
CVE-2022-29816
was published
Apr 29, 2022
Aliases are never checked in helm
Low
CVE-2020-15184
was published
for
helm.sh/helm
(Go)
May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm
Low
CVE-2020-15185
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Sanitizing of plugin names in helm
Low
CVE-2020-15186
was published
for
helm.sh/helm
(Go)
May 24, 2021
plugin.yaml file allows for duplicate entries in helm
Low
CVE-2020-15187
was published
for
helm.sh/helm
(Go)
May 24, 2021
Magnesium-PHP Injection vulnerability
Low
CVE-2017-20187
was published
for
floriangaerber/magnesium
(Composer)
Nov 5, 2023
Mattermost Injection vulnerability
Low
CVE-2023-35075
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish...
Low
Unreviewed
CVE-2019-1010310
was published
May 24, 2022
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID...
Low
Unreviewed
CVE-2023-29383
was published
Apr 15, 2023
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can...
Low
Unreviewed
CVE-2022-23721
was published
Apr 25, 2023
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
ProTip!
Advisories are also available from the
GraphQL API