Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

475 advisories

Loading
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML... High Unreviewed
CVE-2022-34966 was published Jul 26, 2022
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1... High Unreviewed
CVE-2016-6754 was published May 17, 2022
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows... High Unreviewed
CVE-2016-2204 was published May 17, 2022
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a... High Unreviewed
CVE-2015-3200 was published May 17, 2022
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL... High Unreviewed
CVE-2017-5585 was published May 17, 2022
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. High Unreviewed
CVE-2022-26654 was published Jul 18, 2022
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify... High Unreviewed
CVE-2015-8258 was published May 17, 2022
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2... High Unreviewed
CVE-2017-9135 was published May 17, 2022
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code... High Unreviewed
CVE-2022-31593 was published Jul 13, 2022
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of... High Unreviewed
CVE-2017-2140 was published May 17, 2022
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2... High Unreviewed
CVE-2017-9133 was published May 17, 2022
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary... High Unreviewed
CVE-2021-36668 was published Jul 13, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Remote code execution in xwiki-platform High
CVE-2022-23616 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 9, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1 High
CVE-2022-33011 was published for idno/known (Composer) Jul 9, 2022
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for... High Unreviewed
CVE-2021-36913 was published Oct 11, 2022
It was discovered that the get_pid_info() function in data/apport did not properly parse the ... High Unreviewed
CVE-2021-25682 was published May 24, 2022
Go before 1.15.12 and 1.16.x before 1.16.5 allows injection. High Unreviewed
CVE-2021-33195 was published May 24, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... High Unreviewed
CVE-2022-43932 was published Jan 5, 2023
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection... High Unreviewed
CVE-2020-23050 was published May 24, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14... High Unreviewed
CVE-2021-30653 was published May 24, 2022
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges... High Unreviewed
CVE-2020-18875 was published May 24, 2022
Server-Side Request Forgery in Jodd HTTP High
CVE-2022-29631 was published for org.jodd:jodd-http (Maven) Jun 7, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database