GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,731
Maven: 5,000+
npm: 4,332
NuGet: 763
pip: 4,109
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
3,719 advisories
Command injection in docker-tester
Severity: High. CVE-2021-34079 was published for docker-tester (npm) on Jun 3, 2022.

Command injection in librenms
Severity: High. CVE-2022-29712 was published for librenms/librenms (Composer) on Jun 3, 2022.

IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1...
Severity: Moderate. Unreviewed. CVE-2015-0169 was published on May 17, 2022.

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the...
Severity: Moderate. Unreviewed. CVE-2015-0931 was published on May 17, 2022.

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to...
Severity: High. Unreviewed. CVE-2015-1169 was published on May 17, 2022.

Remote code execution in Apache Flume
Severity: Critical. CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) on Aug 22, 2022.

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53...
Severity: Critical. Unreviewed. CVE-2021-44530 was published on Jan 15, 2022.

ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Severity: Moderate. CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) on Sep 16, 2022.

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is...
Severity: High. Unreviewed. CVE-2022-3967 was published on Nov 13, 2022.

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP....
Severity: Critical. Unreviewed. CVE-2015-10027 was published on Jan 7, 2023.

LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
Severity: High. Unreviewed. CVE-2014-4982 was published on May 17, 2022.

A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of...
Severity: Moderate. Unreviewed. CVE-2014-5084 was published on May 17, 2022.

Apache Karaf vulnerable to potential code injection
Severity: Critical. CVE-2022-40145 was published for org.apache.karaf:apache-karaf (Maven) on Dec 21, 2022.

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS...
Severity: High. Unreviewed. CVE-2020-15953 was published on May 24, 2022.

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable...
Severity: High. Unreviewed. CVE-2022-38357 was published on Aug 16, 2022.

dustjs-linkedin vulnerable to Prototype Pollution
Severity: High. CVE-2021-4264 was published for dustjs-linkedin (npm) on Dec 21, 2022.

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM...
Severity: Moderate. Unreviewed. CVE-2019-11282 was published on May 24, 2022.

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection...
Severity: Moderate. Unreviewed. CVE-2021-36322 was published on Nov 21, 2021.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class...
Severity: Moderate. Unreviewed. CVE-2019-11045 was published on May 24, 2022.

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan...
Severity: Moderate. Unreviewed. CVE-2020-7045 was published on May 24, 2022.

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e...
Severity: High. Unreviewed. CVE-2020-7799 was published on May 24, 2022.

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan...
Severity: Moderate. Unreviewed. CVE-2020-7044 was published on May 24, 2022.

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the...
Severity: Critical. Unreviewed. CVE-2022-4768 was published on Dec 28, 2022.

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP...
Severity: Moderate. Unreviewed. CVE-2020-5821 was published on May 24, 2022.

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs...
Severity: Moderate. Unreviewed. CVE-2020-1790 was published on May 24, 2022.

ProTip! Advisories are also available from the GraphQL API.