Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,508 advisories

Loading
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and... Moderate Unreviewed
CVE-2011-2805 was published May 13, 2022
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2,... Moderate Unreviewed
CVE-2012-4196 was published May 13, 2022
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP... Moderate Unreviewed
CVE-2018-1549 was published May 13, 2022
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response... Moderate Unreviewed
CVE-2018-1474 was published May 13, 2022
In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If... Moderate Unreviewed
CVE-2018-1319 was published May 13, 2022
Moodle Does Not Escape Characters In Email Headers Moderate
CVE-2016-5013 was published for moodle/moodle (Composer) May 13, 2022
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files,... Moderate Unreviewed
CVE-2015-7309 was published May 13, 2022
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of... Moderate Unreviewed
CVE-2016-8720 was published May 13, 2022
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
richardfan0606 Credited to richardfan0606
Opera before 7.54 allows remote attackers to modify properties and methods of the location object... Moderate Unreviewed
CVE-2004-2570 was published Apr 29, 2022
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X... Moderate Unreviewed
CVE-2011-3624 was published Apr 22, 2022
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the... Moderate Unreviewed
CVE-2021-22055 was published Apr 12, 2022
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured... Moderate Unreviewed
CVE-2021-27493 was published Apr 3, 2022
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Moderate Unreviewed
CVE-2021-43961 was published Mar 19, 2022
A potential remote host header injection security vulnerability has been identified in HPE... Moderate Unreviewed
CVE-2022-23701 was published Feb 25, 2022
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
Injection in Apache Archiva Moderate
CVE-2020-9495 was published for org.apache.archiva:archiva (Maven) Feb 10, 2022
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Prototype Pollution in undefsafe Moderate
CVE-2019-10795 was published for undefsafe (npm) Feb 9, 2022
RDIL Credited to RDIL
Prototype Pollution in dot-object Moderate
CVE-2019-10793 was published for dot-object (npm) Feb 9, 2022
RDIL Credited to RDIL
Credentials bypass in Apache Druid Moderate
CVE-2020-1958 was published for org.apache.druid:druid (Maven) Feb 9, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... Moderate Unreviewed
CVE-2021-43929 was published Feb 8, 2022
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0 Credited to dwisiswant0
Client-Side JavaScript Prototype Pollution in oro/platform Moderate
CVE-2021-43852 was published for oro/platform (Composer) Jan 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database