GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,135
Composer 4,081
Erlang 29
GitHub Actions 19
Go 1,909
Maven 5,106
npm 3,642
NuGet 638
pip 3,258
Pub 10
RubyGems 869
Rust 820
Swift 35

Unreviewed advisories

All unreviewed 228,998

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

188 advisories

Filter by severity

Sort by

Least recently updated

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed

CVE-2022-0210 was published Jan 19, 2022

XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability Critical

CVE-2022-36099 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Sep 16, 2022

XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection Critical

CVE-2022-36100 was published for org.xwiki.platform.applications:xwiki-application-tag (Maven) Sep 16, 2022

A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue... Critical Unreviewed

CVE-2022-4011 was published Nov 16, 2022

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or... Moderate Unreviewed

CVE-2022-22734 was published Mar 15, 2022

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui Critical

CVE-2022-41934 was published for org.xwiki.platform:xwiki-platform-menu-ui (Maven) Nov 21, 2022

Path traversal in xwiki-platform-skin-skinx Moderate

CVE-2022-23620 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Feb 9, 2022

The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in... Moderate Unreviewed

CVE-2022-2241 was published Aug 2, 2022

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP... Critical Unreviewed

CVE-2022-39956 was published Sep 21, 2022

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x... High Unreviewed

CVE-2020-26116 was published May 24, 2022

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially... High Unreviewed

CVE-2022-39958 was published Sep 21, 2022

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can... High Unreviewed

CVE-2022-39957 was published Sep 21, 2022

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the... Moderate Unreviewed

CVE-2023-0595 was published Feb 24, 2023

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to... High Unreviewed

CVE-2022-30351 was published Mar 30, 2023

Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler... Critical Unreviewed

CVE-2022-25987 was published Feb 16, 2023

XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile Critical

CVE-2023-26472 was published for org.xwiki.platform:xwiki-platform-icon-ui (Maven) Mar 3, 2023

A vulnerability exists where the caret ("^") character is improperly escaped constructing some... Moderate Unreviewed

CVE-2019-11717 was published May 24, 2022

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection... Moderate Unreviewed

CVE-2022-45102 was published Feb 1, 2023

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface... Moderate Unreviewed

CVE-2021-43106 was published Feb 15, 2022

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is... Moderate Unreviewed

CVE-2021-29872 was published Jan 19, 2022

Authentication Bypass by Alternate Name in Apache Tomcat Moderate

CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special... High Unreviewed

CVE-2016-3063 was published May 17, 2022

Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines High

CVE-2020-36567 was published for github.com/gin-gonic/gin (Go) Dec 27, 2022

Log value insertion in craftercms Moderate

CVE-2021-23266 was published for org.craftercms:craftercms (Maven) May 17, 2022

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x,... Critical Unreviewed

CVE-2018-9246 was published May 14, 2022

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

188 advisories