GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,166 advisories
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan...
Moderate | Unreviewed | CVE-2020-7044 was published May 24, 2022
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class...
Moderate | Unreviewed | CVE-2019-11045 was published May 24, 2022
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting....
Moderate | Unreviewed | CVE-2019-16254 was published May 24, 2022
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
Moderate | Unreviewed | CVE-2019-18657 was published May 24, 2022
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through...
Moderate | Unreviewed | CVE-2019-18348 was published May 24, 2022
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM...
Moderate | Unreviewed | CVE-2019-11282 was published May 24, 2022
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0...
Moderate | Unreviewed | CVE-2019-11275 was published May 24, 2022
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a...
Moderate | Unreviewed | CVE-2019-16532 was published May 24, 2022
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote...
Moderate | Unreviewed | CVE-2019-5977 was published May 24, 2022
Magento 2 Community Edition Injection Vulnerability
Moderate | CVE-2019-7889 was published for magento/community-edition (Composer) May 24, 2022
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
Moderate | Unreviewed | CVE-2017-18437 was published May 24, 2022
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
Moderate | Unreviewed | CVE-2017-18389 was published May 24, 2022
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
Moderate | Unreviewed | CVE-2018-20898 was published May 24, 2022
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot...
Moderate | Unreviewed | CVE-2018-20885 was published May 24, 2022
Activity Stream can display content sent from the Snippet Service website. This content is...
Moderate | Unreviewed | CVE-2019-11718 was published May 24, 2022
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka...
Moderate | Unreviewed | CVE-2016-10761 was published May 24, 2022
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an...
Moderate | Unreviewed | CVE-2019-3562 was published May 24, 2022
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject...
Moderate | Unreviewed | CVE-2022-23068 was published May 19, 2022
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 ...
Moderate | Unreviewed | CVE-2022-30991 was published May 19, 2022
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of...
Moderate | Unreviewed | CVE-2014-5084 was published May 17, 2022
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript...
Moderate | Unreviewed | CVE-2014-10391 was published May 17, 2022
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
Moderate | Unreviewed | CVE-2014-10394 was published May 17, 2022
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
Moderate | Unreviewed | CVE-2014-10386 was published May 17, 2022
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the...
Moderate | Unreviewed | CVE-2015-0931 was published May 17, 2022
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1...
Moderate | Unreviewed | CVE-2015-0169 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.