GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
80 advisories
Filter by severity
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow...
Moderate
Unreviewed
CVE-2023-4393
was published
Oct 30, 2023
Improper Encoding or Escaping of Output in Apache Superset
Moderate
CVE-2021-42250
was published
for
apache-superset
(pip)
May 24, 2022
React Developer Tools extension Improper Authorization vulnerability
Moderate
CVE-2023-5654
was published
for
react-devtools-core
(npm)
Oct 19, 2023
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-8297
was published
Aug 29, 2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper...
Moderate
Unreviewed
CVE-2023-26289
was published
Jul 30, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6...
Moderate
Unreviewed
CVE-2024-6329
was published
Aug 8, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header...
Moderate
Unreviewed
CVE-2024-39736
was published
Jul 15, 2024
Ansible-core information disclosure flaw
Moderate
CVE-2024-0690
was published
for
ansible-core
(pip)
Feb 6, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Moodle Improper Encoding or Escaping of Output
Moderate
CVE-2021-40694
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
Insert tag injection in the Contao login module
Moderate
CVE-2019-19714
was published
for
contao/contao
(Composer)
Dec 17, 2019
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site...
Moderate
Unreviewed
CVE-2023-37875
was published
Sep 14, 2023
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.
Moderate
Unreviewed
CVE-2022-31458
was published
Jul 25, 2023
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10,...
Moderate
Unreviewed
CVE-2023-36919
was published
Jul 11, 2023
When copying a network request from the developer tools panel as a curl command the output was...
Moderate
Unreviewed
CVE-2023-23599
was published
Jun 2, 2023
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that...
Moderate
Unreviewed
CVE-2023-1711
was published
May 30, 2023
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@'...
Moderate
Unreviewed
CVE-2023-31669
was published
May 23, 2023
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe...
Moderate
Unreviewed
CVE-2019-15944
was published
May 24, 2022
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows...
Moderate
Unreviewed
CVE-2019-3571
was published
May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
Misinterpretation of malicious XML input
Moderate
CVE-2021-32796
was published
for
@xmldom/xmldom
(npm)
Aug 3, 2021
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1...
Moderate
Unreviewed
CVE-2024-0987
was published
Jan 29, 2024
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
Moderate
Unreviewed
CVE-2023-28487
was published
Mar 16, 2023
ProTip!
Advisories are also available from the
GraphQL API