GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
62 advisories
Filter by severity
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection...
Moderate
Unreviewed
CVE-2022-22344
was published
Mar 15, 2022
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to...
Moderate
Unreviewed
CVE-2020-24972
was published
May 24, 2022
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP...
Moderate
Unreviewed
CVE-2022-34316
was published
Nov 15, 2022
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display...
Moderate
Unreviewed
CVE-2019-6109
was published
May 13, 2022
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for...
Moderate
Unreviewed
CVE-2020-27604
was published
May 24, 2022
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through...
Moderate
Unreviewed
CVE-2021-38997
was published
Dec 12, 2022
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter...
Moderate
Unreviewed
CVE-2020-28954
was published
May 24, 2022
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows...
Moderate
Unreviewed
CVE-2020-29023
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get...
Moderate
Unreviewed
CVE-2021-32072
was published
May 24, 2022
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A...
Moderate
Unreviewed
CVE-2021-38751
was published
May 24, 2022
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to...
Moderate
Unreviewed
CVE-2021-32067
was published
May 24, 2022
Under very specific conditions a user could be impersonated using Gitlab shell. This...
Moderate
Unreviewed
CVE-2021-22254
was published
May 24, 2022
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
Moderate
Unreviewed
CVE-2021-39367
was published
May 24, 2022
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability...
Moderate
Unreviewed
CVE-2015-10040
was published
Jan 13, 2023
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote...
Moderate
Unreviewed
CVE-2009-4267
was published
May 2, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for...
Moderate
Unreviewed
CVE-2021-39027
was published
May 7, 2022
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server ...
Moderate
Unreviewed
CVE-2018-2389
was published
May 13, 2022
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps...
Moderate
Unreviewed
CVE-2019-0857
was published
May 13, 2022
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI...
Moderate
Unreviewed
CVE-2021-20844
was published
Nov 25, 2021
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log...
Moderate
Unreviewed
CVE-2021-43410
was published
Dec 10, 2021
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is...
Moderate
Unreviewed
CVE-2021-40007
was published
Dec 14, 2021
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,...
Moderate
Unreviewed
CVE-2017-12340
was published
May 13, 2022
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is...
Moderate
Unreviewed
CVE-2021-29872
was published
Jan 19, 2022
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface...
Moderate
Unreviewed
CVE-2021-43106
was published
Feb 15, 2022
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection...
Moderate
Unreviewed
CVE-2022-45102
was published
Feb 1, 2023
ProTip!
Advisories are also available from the
GraphQL API