Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

22 advisories

Loading
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc... Critical Unreviewed
CVE-2021-28940 was published May 24, 2022
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled... Critical Unreviewed
CVE-2022-28375 was published Jul 15, 2022
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component ... Critical Unreviewed
CVE-2022-41443 was published Oct 4, 2022
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. Critical Unreviewed
CVE-2022-36446 was published Jul 26, 2022
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an... Critical Unreviewed
CVE-2021-33672 was published May 24, 2022
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows... Critical Unreviewed
CVE-2017-8303 was published May 13, 2022
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an... Critical Unreviewed
CVE-2015-10011 was published Jan 3, 2023
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,... Critical Unreviewed
CVE-2018-9246 was published May 14, 2022
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler... Critical Unreviewed
CVE-2022-25987 was published Feb 16, 2023
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP... Critical Unreviewed
CVE-2022-39956 was published Sep 21, 2022
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue... Critical Unreviewed
CVE-2022-4011 was published Nov 16, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ... Critical Unreviewed
CVE-2022-34820 was published Jul 13, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My... Critical Unreviewed
CVE-2022-22992 was published Jan 29, 2022
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection... Critical Unreviewed
CVE-2022-48339 was published Feb 21, 2023
A vulnerability has been found in Activity Log Plugin and classified as critical. This... Critical Unreviewed
CVE-2022-3941 was published Nov 11, 2022
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to... Critical Unreviewed
CVE-2023-47143 was published Feb 2, 2024
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain... Critical Unreviewed
CVE-2023-46300 was published Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain... Critical Unreviewed
CVE-2023-46301 was published Oct 22, 2023
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape... Critical Unreviewed
CVE-2023-38316 was published Nov 17, 2023
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows... Critical Unreviewed
CVE-2024-38474 was published Jul 1, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),... Critical Unreviewed
CVE-2024-7873 was published Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API