Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

83 advisories

Loading
HTTP Response Splitting in Styx Moderate
CVE-2020-6858 was published for com.hotels.styx:styx-api (Maven) Mar 3, 2020
JLLeitschuh
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Apache Superset vulnerable to Injection Moderate
CVE-2022-43720 was published for apache-superset (pip) Jan 16, 2023
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
http before 0.13.3 vulnerable to header injection Moderate
CVE-2020-35669 was published for http (Pub) May 24, 2022
Improper Input Validation and Injection in Apache Log4j2 Moderate
CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Injection in bodymen Moderate
CVE-2019-10792 was published for bodymen (npm) Apr 13, 2021
Prototype Pollution in dot-object Moderate
CVE-2019-10793 was published for dot-object (npm) Feb 9, 2022
RDIL
Credentials bypass in Apache Druid Moderate
CVE-2020-1958 was published for org.apache.druid:druid (Maven) Feb 9, 2022
Prototype Pollution in undefsafe Moderate
CVE-2019-10795 was published for undefsafe (npm) Feb 9, 2022
RDIL
Injection in Apache Archiva Moderate
CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) Feb 10, 2022
Header injection in nodemailer Moderate
CVE-2021-23400 was published for nodemailer (npm) Dec 10, 2021
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
Command injection in Apache Flink Moderate
CVE-2020-1960 was published for org.apache.flink:flink-core (Maven) May 21, 2021
Client-Side JavaScript Prototype Pollution in oro/platform Moderate
CVE-2021-43852 was published for oro/platform (Composer) Jan 6, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0
ProTip! Advisories are also available from the GraphQL API