GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,339
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,940
Maven 5,135
npm 3,677
NuGet 645
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,819

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

60 advisories

Filter by severity

Sort by

Least recently updated

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through... Moderate Unreviewed

CVE-2021-38997 was published Dec 12, 2022

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation... Moderate Unreviewed

CVE-2022-0421 was published Nov 21, 2022

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP... Moderate Unreviewed

CVE-2022-34316 was published Nov 15, 2022

The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in... Moderate Unreviewed

CVE-2022-2241 was published Aug 2, 2022

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Moderate Unreviewed

CVE-2021-39367 was published May 24, 2022

Under very specific conditions a user could be impersonated using Gitlab shell. This... Moderate Unreviewed

CVE-2021-22254 was published May 24, 2022

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A... Moderate Unreviewed

CVE-2021-38751 was published May 24, 2022

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to... Moderate Unreviewed

CVE-2021-32067 was published May 24, 2022

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get... Moderate Unreviewed

CVE-2021-32072 was published May 24, 2022

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being... Moderate Unreviewed

CVE-2021-20333 was published May 24, 2022

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug... Moderate Unreviewed

CVE-2021-31806 was published May 24, 2022

Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows... Moderate Unreviewed

CVE-2020-29023 was published May 24, 2022

web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter... Moderate Unreviewed

CVE-2020-28954 was published May 24, 2022

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for... Moderate Unreviewed

CVE-2020-27604 was published May 24, 2022

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to... Moderate Unreviewed

CVE-2020-24972 was published May 24, 2022

In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe... Moderate Unreviewed

CVE-2019-15944 was published May 24, 2022

A vulnerability exists where the caret ("^") character is improperly escaped constructing some... Moderate Unreviewed

CVE-2019-11717 was published May 24, 2022

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows... Moderate Unreviewed

CVE-2019-3571 was published May 24, 2022

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,... Moderate Unreviewed

CVE-2017-12340 was published May 13, 2022

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display... Moderate Unreviewed

CVE-2019-6109 was published May 13, 2022

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps... Moderate Unreviewed

CVE-2019-0857 was published May 13, 2022

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ... Moderate Unreviewed

CVE-2018-2389 was published May 13, 2022

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for... Moderate Unreviewed

CVE-2021-39027 was published May 7, 2022

The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote... Moderate Unreviewed

CVE-2009-4267 was published May 2, 2022

The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and... Moderate Unreviewed

CVE-2022-0450 was published Mar 29, 2022

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

60 advisories