GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
188 advisories
Filter by severity
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. * An...
Unknown
Unreviewed
CVE-2024-4420
was published
May 21, 2024
TYPO3 vulnerable to an HTML Injection in the History Module
Low
CVE-2024-34355
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Improper escaping in XWiki Platform
High
CVE-2020-13654
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Feb 9, 2022
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Moodle Improper Encoding or Escaping of Output
Moderate
CVE-2021-40694
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Insert tag injection in the Contao login module
Moderate
CVE-2019-19714
was published
for
contao/contao
(Composer)
Dec 17, 2019
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with...
High
Unreviewed
CVE-2023-36921
was published
Jul 11, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46301
was published
Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46300
was published
Oct 22, 2023
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site...
Moderate
Unreviewed
CVE-2023-37875
was published
Sep 14, 2023
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.
Moderate
Unreviewed
CVE-2022-31458
was published
Jul 25, 2023
Controller DoS due to stack overflow when decoding a message from the server
High
Unreviewed
CVE-2023-24480
was published
Jul 13, 2023
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10,...
Moderate
Unreviewed
CVE-2023-36919
was published
Jul 11, 2023
When copying a network request from the developer tools panel as a curl command the output was...
Moderate
Unreviewed
CVE-2023-23599
was published
Jun 2, 2023
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially...
Low
Unreviewed
CVE-2023-32712
was published
Jun 1, 2023
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that...
Moderate
Unreviewed
CVE-2023-1711
was published
May 30, 2023
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@'...
Moderate
Unreviewed
CVE-2023-31669
was published
May 23, 2023
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)...
High
Unreviewed
CVE-2019-12675
was published
May 24, 2022
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD)...
High
Unreviewed
CVE-2019-12674
was published
May 24, 2022
LibreOffice documents can contain macros. The execution of those macros is controlled by the...
High
Unreviewed
CVE-2019-9853
was published
May 24, 2022
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe...
Moderate
Unreviewed
CVE-2019-15944
was published
May 24, 2022
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows...
Moderate
Unreviewed
CVE-2019-3571
was published
May 24, 2022
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary...
High
Unreviewed
CVE-2018-16386
was published
May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API