GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,081; Erlang 29; GitHub Actions 19; Go 1,909; Maven 5,000+; npm 3,642; NuGet 638; pip 3,258; Pub 10; RubyGems 869; Rust 820; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.
188 advisories
CVE-2022-0210 (Moderate, Unreviewed), published Jan 19, 2022: The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
CVE-2022-36099 (Critical), published Sep 16, 2022 for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven): XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
CVE-2022-36100 (Critical), published Sep 16, 2022 for org.xwiki.platform.applications:xwiki-application-tag (Maven): XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
CVE-2022-4011 (Critical, Unreviewed), published Nov 16, 2022: A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue...
CVE-2022-22734 (Moderate, Unreviewed), published Mar 15, 2022: The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or...
CVE-2022-41934 (Critical), published Nov 21, 2022 for org.xwiki.platform:xwiki-platform-menu-ui (Maven): Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
CVE-2022-23620 (Moderate), published Feb 9, 2022 for org.xwiki.platform:xwiki-platform-skin-skinx (Maven): Path traversal in xwiki-platform-skin-skinx
CVE-2022-2241 (Moderate, Unreviewed), published Aug 2, 2022: The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in...
CVE-2022-39956 (Critical, Unreviewed), published Sep 21, 2022: The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP...
CVE-2020-26116 (High, Unreviewed), published May 24, 2022: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x...
CVE-2022-39958 (High, Unreviewed), published Sep 21, 2022: The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially...
CVE-2022-39957 (High, Unreviewed), published Sep 21, 2022: The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can...
CVE-2023-0595 (Moderate, Unreviewed), published Feb 24, 2023: A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the...
CVE-2022-30351 (High, Unreviewed), published Mar 30, 2023: PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to...
CVE-2022-25987 (Critical, Unreviewed), published Feb 16, 2023: Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler...
CVE-2023-26472 (Critical), published Mar 3, 2023 for org.xwiki.platform:xwiki-platform-icon-ui (Maven): XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
CVE-2019-11717 (Moderate, Unreviewed), published May 24, 2022: A vulnerability exists where the caret ("^") character is improperly escaped constructing some...
CVE-2022-45102 (Moderate, Unreviewed), published Feb 1, 2023: Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection...
CVE-2021-43106 (Moderate, Unreviewed), published Feb 15, 2022: A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface...
CVE-2021-29872 (Moderate, Unreviewed), published Jan 19, 2022: IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is...
CVE-2021-30640 (Moderate), published Aug 13, 2021 for org.apache.tomcat:tomcat (Maven): Authentication Bypass by Alternate Name in Apache Tomcat
CVE-2016-3063 (High, Unreviewed), published May 17, 2022: Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special...
CVE-2020-36567 (High), published Dec 27, 2022 for github.com/gin-gonic/gin (Go): Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
CVE-2021-23266 (Moderate), published May 17, 2022 for org.craftercms:craftercms (Maven): Log value insertion in craftercms
CVE-2018-9246 (Critical, Unreviewed), published May 14, 2022: The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,...