GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
dojox vulnerable to unescaped string injection
Critical
CVE-2018-15494
was published
for
dojox
(npm)
Oct 15, 2018
Improper Encoding or Escaping of Output and Injection in LibreNMS
High
CVE-2019-12463
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Insert tag injection in the Contao login module
Moderate
CVE-2019-19714
was published
for
contao/contao
(Composer)
Dec 17, 2019
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
Insufficient output escaping of attachment names in PHPMailer
High
CVE-2020-13625
was published
for
phpmailer/phpmailer
(Composer)
May 27, 2020
Secret disclosure when containing characters that become URI encoded
High
CVE-2020-26226
was published
for
semantic-release
(npm)
Nov 18, 2020
keycloak Self Stored Cross-site Scripting vulnerability
Critical
CVE-2021-20195
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 8, 2021
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Misinterpretation of malicious XML input
Moderate
CVE-2021-32796
was published
for
@xmldom/xmldom
(npm)
Aug 3, 2021
Authentication Bypass by Alternate Name in Apache Tomcat
Moderate
CVE-2021-30640
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component
High
CVE-2021-39170
was published
for
pimcore/pimcore
(Composer)
Sep 1, 2021
Inconsistent input sanitisation leads to XSS vectors
Critical
CVE-2021-41132
was published
for
omero-figure
(pip)
Oct 14, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
High
CVE-2021-41232
was published
for
github.com/stevenweathers/thunderdome-planning-poker
(Go)
Nov 8, 2021
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI...
Moderate
Unreviewed
CVE-2021-20844
was published
Nov 25, 2021
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log...
Moderate
Unreviewed
CVE-2021-43410
was published
Dec 10, 2021
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is...
Moderate
Unreviewed
CVE-2021-40007
was published
Dec 14, 2021
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2022-0210
was published
Jan 19, 2022
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is...
Moderate
Unreviewed
CVE-2021-29872
was published
Jan 19, 2022
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user...
Moderate
Unreviewed
CVE-2021-45226
was published
Jan 25, 2022
A command injection remote code execution vulnerability was discovered on Western Digital My...
Critical
Unreviewed
CVE-2022-22992
was published
Jan 29, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,...
Moderate
Unreviewed
CVE-2022-0220
was published
Feb 2, 2022
Path traversal in xwiki-platform-skin-skinx
Moderate
CVE-2022-23620
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Feb 9, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Improper escaping in XWiki Platform
High
CVE-2020-13654
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API