GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,467 advisories
Known vulnerable to account takeover via host header injection attack in v1.3.1
High | CVE-2022-33011 was published for idno/known (Composer) | Jul 9, 2022
Remote code execution in xwiki-platform
High | CVE-2022-23616 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) | Feb 9, 2022
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper...
Moderate | Unreviewed | CVE-2022-34306 was published | Jul 9, 2022
Code injection in concrete CMS
High | CVE-2022-21829 was published for concrete5/core (Composer) | Jun 25, 2022
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0...
Critical | Unreviewed | CVE-2016-1155 was published | May 17, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is...
Moderate | Unreviewed | CVE-2021-39028 was published | Jul 15, 2022
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is...
Critical | Unreviewed | CVE-2022-34914 was published | Jul 9, 2022
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could...
Moderate | Unreviewed | CVE-2022-34160 was published | Jul 9, 2022
Improper Input Validation and Injection in Apache Log4j2
Moderate | CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) | Jan 4, 2022
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary...
High | Unreviewed | CVE-2021-36668 was published | Jul 13, 2022
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2...
High | Unreviewed | CVE-2017-9133 was published | May 17, 2022
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of...
High | Unreviewed | CVE-2017-2140 was published | May 17, 2022
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code...
High | Unreviewed | CVE-2022-31593 was published | Jul 13, 2022
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users...
Moderate | Unreviewed | CVE-2016-0881 was published | May 17, 2022
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2...
High | Unreviewed | CVE-2017-9135 was published | May 17, 2022
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify...
High | Unreviewed | CVE-2015-8258 was published | May 17, 2022
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as...
Critical | Unreviewed | CVE-2016-15004 was published | Jul 24, 2022
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
High | Unreviewed | CVE-2022-26654 was published | Jul 18, 2022
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.
Critical | Unreviewed | CVE-2022-40434 was published | Dec 20, 2022
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL...
High | Unreviewed | CVE-2017-5585 was published | May 17, 2022
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a...
High | Unreviewed | CVE-2015-3200 was published | May 17, 2022
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows...
High | Unreviewed | CVE-2016-2204 was published | May 17, 2022
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1...
High | Unreviewed | CVE-2016-6754 was published | May 17, 2022
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in...
Moderate | Unreviewed | CVE-2013-6501 was published | May 17, 2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML...
High | Unreviewed | CVE-2022-34966 was published | Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API