GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Insert tag injection in the Contao login module
Moderate
CVE-2019-19714
was published
for
contao/contao
(Composer)
Dec 17, 2019
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Misinterpretation of malicious XML input
Moderate
CVE-2021-32796
was published
for
@xmldom/xmldom
(npm)
Aug 3, 2021
Authentication Bypass by Alternate Name in Apache Tomcat
Moderate
CVE-2021-30640
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI...
Moderate
Unreviewed
CVE-2021-20844
was published
Nov 25, 2021
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log...
Moderate
Unreviewed
CVE-2021-43410
was published
Dec 10, 2021
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is...
Moderate
Unreviewed
CVE-2021-40007
was published
Dec 14, 2021
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2022-0210
was published
Jan 19, 2022
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is...
Moderate
Unreviewed
CVE-2021-29872
was published
Jan 19, 2022
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user...
Moderate
Unreviewed
CVE-2021-45226
was published
Jan 25, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,...
Moderate
Unreviewed
CVE-2022-0220
was published
Feb 2, 2022
Path traversal in xwiki-platform-skin-skinx
Moderate
CVE-2022-23620
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Feb 9, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface...
Moderate
Unreviewed
CVE-2021-43106
was published
Feb 15, 2022
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or...
Moderate
Unreviewed
CVE-2022-22734
was published
Mar 15, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection...
Moderate
Unreviewed
CVE-2022-22344
was published
Mar 15, 2022
The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and...
Moderate
Unreviewed
CVE-2022-0450
was published
Mar 29, 2022
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote...
Moderate
Unreviewed
CVE-2009-4267
was published
May 2, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for...
Moderate
Unreviewed
CVE-2021-39027
was published
May 7, 2022
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ...
Moderate
Unreviewed
CVE-2018-2389
was published
May 13, 2022
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps...
Moderate
Unreviewed
CVE-2019-0857
was published
May 13, 2022
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display...
Moderate
Unreviewed
CVE-2019-6109
was published
May 13, 2022
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,...
Moderate
Unreviewed
CVE-2017-12340
was published
May 13, 2022
Log value insertion in craftercms
Moderate
CVE-2021-23266
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Cross-site Scripting in Jenkins Random String Parameter Plugin
Moderate
CVE-2022-30966
was published
for
org.jenkins-ci.plugins:random-string-parameter
(Maven)
May 18, 2022
ProTip!
Advisories are also available from the
GraphQL API